The kde read/writing to /.kde is a kde bug/ kdm should
have a home
directory that we could give access to, not /. I have this
setup and
although it genetates AVC's I am able to login fine.
Although gdm
works better.
If you want to get rid of these avc's you could
execute.
# semanage fcontext -a -t xdm_var_run_t
'/\.kde(/.*)?'
# restorecon -R -v /.kde
Running crontab -e as root, problem is also a
kdebase/konsole problem of
leaked file descriptors. If you do an ls /proc/self/fd in
the konsole
you will see a whole bunch of file descriptors that have
been leaked to
the konsole. When you start a confined domain from the
console SELinux
reports these leaked file descriptors and closes them.
ls -l /proc/self/fd
should show something like
# ls -l /proc/self/fd
total 0
lr-x------. 1 root root 64 2009-03-26 08:31 0 ->
/dev/pts/4
lrwx------. 1 root root 64 2009-03-26 08:31 1 ->
/dev/pts/4
lrwx------. 1 root root 64 2009-03-26 08:31 2 ->
/dev/pts/4
lr-x------. 1 root root 64 2009-03-26 08:31 3 ->
/proc/32759/fd
Which are three fd's to the terminal and one to the
directory you are
listing.
I see no avc that would break crontab -e?
The avc denies crontab to display it and
therefore the error. This happens on two machines running rawhide since the third one
broke down :(. I can't test it there :(
[olivares@riohigh ~]$ crontab -l
Authentication service cannot retrieve authentication info
You (olivares) are not allowed to access to (crontab)
because of pam
configuration.
Looks like you are running this as a normal user? Or are
you running as
root?
Normal user, even root can't edit crontab because the authority is denied
:(, yes pam configuration :)
I can not get this to happen on my machine, so I think it
might be
something about the way you have pam setup? Do you have
anything
special setup in pam?
No, just regular default setup as it comes. Nothing special
set aside.
Will try to apply the changes and report back. Thanks for helping out.
Regards,
Antonio