SE Linux Questions
Russell Coker
russell at coker.com.au
Tue Apr 13 23:23:46 UTC 2004
On Wed, 14 Apr 2004 01:48, "Jason Montleon" <monty19 at hotmail.com> wrote:
> I choose no and move on, fair enough. However, if I try to run startx I
> get the following :
> Apr 13 11:21:01 fc2 kernel: audit(1081869661.602:0): avc: denied { search
> } for pid=8996 exe=/usr/X11R6/bin/xauth name=jason dev=hda4 ino=581186
> scontext=user_u:sysadm_r:sysadm_xauth_t
> tcontext=system_u:object_r:user_home_dir_t tclass=dir
For a user who is not in user_r the thing to do is to give them an entry in
the "users" file and then relabel their home directory so it matches.
> and back in this time selecting user_u:user_r:user:t
> Now I can run startx but when I try to run the system-control-network
> program, I just get tons of these messages on the screen if I hit
> Ctrl-Alt-F[1-6]:
> Apr 13 11:11:12 fc2 kernel: audit(1081869072.436:0): avc: denied { setuid
> } for pid=1237 exe=/bin/bash capability=7 scontext=user_u:user_r:user_t
> tcontext=user_u:user_r:user_t tclass=capability
> Apr 13 11:11:12 fc2 kernel: audit(1081869072.471:0): avc: denied { setuid
> } for pid=1237 exe=/usr/sbin/usernetctl capability=7
> scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t
> tclass=capability
You should be staff_r or sysadm_r for such things.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-test-list
mailing list