Thanks for the suggestion, but it was not labeling. It appears to have
had something to do with mls, although I have not had the time to figure
out exactly what. I changed all the mls levels to s0 and the problem
went away. It sure would be nice if there were a feature to disable all
"dontaudit" statements for policy debugging.
Daniel J Walsh wrote:
> I am attempting to get a strict policy working on my FC-6 system
> (version 2.4.3-2.fc6). I have successfully created a user account,
> and I can log both the root and the user account into the GUI. I am
> attempting to get Firefox to work and I am having difficulties. If I
> click on the Firefox icon, I see the program listed as opening, and
> it stays that way for a few seconds and then disappears. If I check
> the message log (var/log/messages), there are no messages (either avc
> or other) generated as a result of the attempt. This only happens
> when the policy is enforcing. When the policy is is not enforcing,
> Firefox loads properly -- also with no messages. I have noticed that
> Firefox is not writing to its .mozilla folder when the policy is
> enforcing, and that it does write to several files in this folder
> when it loads properly. This problem affects both my user account
> and the root account. Can someone please explain why I am not
> receiving any error messages (or any messages at all), and let me
> know what needs to be changed in order to load Firefox?
> fedora-selinux-list mailing list
check /var/log/audit/audit.log for avc messages.
I would guess you have a labeling problem on your home dir.
restorecon -R -v ~/