Cannot login to F15 without nomodeset

Daniel J Walsh dwalsh at redhat.com
Wed Apr 27 16:33:35 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/27/2011 11:51 AM, Per Bothner wrote:
> On 04/27/2011 05:22 AM, Daniel J Walsh wrote:
>> On 04/27/2011 02:45 AM, Per Bothner wrote:
>>> (I'm still having problems with symlinks from /var/www/html
>>> into /home.  The fix that worked on F13 and F14 no longer works,
>>> and the SeLinux Alert Browser isn't as helpful as it used to be.)
>> Per Bothner, send me the AVC's you are struggling with and I will see if
>> I can help you, also the alert that is not being helpful.
> 
> I link /var/www/html/per to /home/bothner/public_html.
> 
> The SELinux Alert browser gives me a number of options, the first of which
> was to do:
>   /sbin/restorecon -v /home
> After doing that, and refreshing the web  browser then the alert browser
> suggests
>    /sbin/restorecon -v /home/bothner
> Then it suggests:
>   /sbin/restorecon -v /home/bothner/public_html
> Now it wants:
>   /sbin/restorecon -v /home/bothner/public_html/index.html
> Clearly this is not the right path - I can't individually relabel every
> single file.
> 
> The next alternative it suggests
>   If you think this is caused by a badly mislabeled machine.
>   Then you need to fully relabel.
>   Do
>   touch /.autorelabel; reboot
> 
> I haven't tried that yet since I'm expecting that to take a long time.
> It is possible that is the issue - the files were copied over (using tar)
> from a different laptop, which may not have carried SELinux lae\bel over.
> (I'm unclear on this.)
> 
> The suggestion I found particularly unhelpful is:
> 
>   If you want to allow httpd to have getattr access on the index.html file
>   Then you need to change the label on /home/bothner/public_html/index.html
>   Do
>   # semanage fcontext -a -t FILE_TYPE
> '/home/bothner/public_html/index.html'
>   where FILE_TYPE is one of the following: [[long list]].
>   Then execute:
>   restorecon -v '/home/bothner/public_html/index.html'
> 
> First, I can't figure out what in the [[long list]] is appropriate.
> Second, the "then" part suggests this might only fix one file at a time.
> 
> I'm guessing the "full relabel" is the right thing.

Do you have
httpd_enable_homedirs turned on?

setsebool -P httpd_enable_homedirs 1

What avc's are you seeing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk24RV8ACgkQrlYvE4MpobMafwCePHx36mQNJuw/vbRZ4JXsCJgk
KPoAnRVX9gpXnLEWC2J0olMUuyU62ceG
=OlQe
-----END PGP SIGNATURE-----

More information about the test mailing list