SELinux help
Daniel J Walsh
dwalsh at redhat.com
Fri Sep 3 13:15:13 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/02/2010 08:16 PM, Chris Smart wrote:
> HI all,
>
> I know there's been a lot of discussion about SELinux lately, but I
> like it and I use it (although I'm a recent Fedora convert). However,
> just today I have hit a snag and I don't know to get around it - I'm
> after some advice on how to work around it (without turning SELinux
> off!).
>
> I have a Fedora 13 OpenLDAP server for central authentication and
> Fedora boxes which are configured to authenticate to the LDAP server
> (done using Fedora's authconfig-gtk tool). In the tool under "Advanced
> Options" I have ticked the "Create home directories on the first
> login" for obvious reasons.
>
> The problem is that when the user logs in, SELinux is blocking it
> because it does not expect xauth to have write access to create the
> home directory.
>
> "SELinux is preventing /usr/bin/xauth "write" access on [user]"
>
> How do I go about solving this? In fact, what is the _right_ way to solve this?
>
> Thanks,
> Chris
I am not sure what system-config-authorization is doing, is it setting
up pam_oddjob_mkhomedir or pam_mkhomedir. It would be better if it used
pam_oddjob_mkhomedir.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkyA9OAACgkQrlYvE4MpobML8gCgxbUgVoMgqcCu+egi0NCBB6oD
sywAn04F+tnj6bT5fdODAsiAUMKeW27U
=HXfl
-----END PGP SIGNATURE-----
More information about the users
mailing list