Selinuxprevents from graphical login

Daniel J Walsh dwalsh at redhat.com
Mon Nov 29 19:07:26 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/27/2010 10:37 AM, antonio montagnani wrote:
> antonio ha scritto / said the following    il giorno/on 27/11/2010 16:08:
>> Chris Tyler ha scritto / said the following    il giorno/on 27/11/2010
>> 15:58:
>>> On Sat, 2010-11-27 at 15:47 +0100, Antonio M wrote:
>>>> On one of my  systems, if Selinux is targeted I cannot access to
>>>> graphical session, as password would be wrong (all users and root)
>>>> As soon as Selinux=0 at boot time system works fine.System is fully updated
>>>> I cannot find a related bug in bugzilla...
>>>> Tnx
>>> Did you try relabeling the whole system? May be required if you've run
>>> with selinux off (permissive is better if you want to temporarily
>>> disable selinux):
>>>
>>> 	touch /.autorelabel; reboot
>>>
>>> -Chris
>>>
>> I used the graphical management tool to relabel it, that should do what
>> you suggest (and I rebooted): now I will see what happens in Permissive
>> mode.
>> Any way to see a log of Selinux on my system???
>>
>> Tnx
>>
>> Antonio
> 
> I rebooted in permissive mode and of course I can login: but I have a 
> long list of Selinux ACV that I cannot decode :-(
> 

Please send them to me, and I will look at them.  Or run them through
audit2allow

ausearch -m avc -ts recent | audit2allow

Should give me an idea of what you are seeing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzz+e4ACgkQrlYvE4MpobPEYQCgxqCd1suWFwKB1CQ5qitxoYk6
CtcAnRzEq40m1TjLas4RRi6i4zuSAyoQ
=DiF2
-----END PGP SIGNATURE-----


More information about the users mailing list