SELinux

Tim ignored_mailbox at yahoo.com.au
Thu Jan 20 00:39:40 UTC 2011


On Thu, 2011-01-20 at 02:00 +0200, Kostas Sfakiotakis wrote:
> The normal user is even unable to launch the X Windows
> since SELinux blocks xauth from writing to his home directory
>  
> /usr/bin/xauth ( as source process )
> Attempted this access : write
> On this directory : kostas ( actually is /home/kostas , the home 
> directory of the user )

Which suggests some checking of the normal permissions on that
directory, and its parent.  Likewise, some checking for SELinux
contexts.  You can do that with the "ls -Z" command.

ls -Zd /home ought to be:
drwxr-xr-x  root root system_u:object_r:home_root_t:s0 /home

ls -Zd /home/kostas ought to be:
drwx------  kostas kostas system_u:object_r:user_home_dir_t:s0 /home/kostas

And the contents inside your space (ls -Z /home/kostas), ought to be:
-rw-------  kostas kostas unconfined_u:object_r:user_home_t:s0 

NB:  You can have additional permissions (it might be executable, as
well, or also readable by group or other users), but those would be the
minimum.


If you find that you're having a plethora of SELinux problems, it might
be a good idea to let the system relabel the whole drive with the
default contexts.  If you've ever run the system with SELinux disabled,
then that's one potential cause for the contexts to be mis-set (any
file written during that time wouldn't have them).

If there's one thing that I really hate about SELinux, it's the hideous
names that they gave to the contexts.  They're not intuitive, nor
convenient for typing by hand.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
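The checks above (compare the `ls -Zd` output for /home, the user's home directory and its contents against the expected types) can be scripted. The following is an added example, not code from the original message or from the list; it parses the context field out of `ls -Z` lines, so it also copes with the `?` that `ls -Z` prints when no context is available, and with the trailing dot that newer coreutils append to the mode string. The `demo` function runs on constructed lines only; `check_home` runs the real `ls -Zd` on a live system. The file names in the demo lines are constructed.

```shell
#!/bin/sh
# Added example: check SELinux types of home-directory entries against the
# expected ones (home_root_t, user_home_dir_t, user_home_t).

# Print the SELinux type (third colon-separated part of the context) found
# in one line of "ls -Z" / "ls -Zd" output. Prints nothing if the line has
# no context field (ls shows "?" when SELinux is not running or the file
# carries no label).
selinux_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[a-z_]+:object_r:/) {
                split($i, c, ":"); print c[3]; exit
            }
        }
    }'
}

# check_type LINE EXPECTED_TYPE
# Reports OK or MISMATCH for one ls -Z line; returns 0 on match, 1 otherwise.
check_type() {
    line=$1
    expected=$2
    actual=$(selinux_type "$line")
    if [ "$actual" = "$expected" ]; then
        printf 'OK        %s\n' "$line"
        return 0
    fi
    printf 'MISMATCH  expected %s, got %s: %s\n' \
        "$expected" "${actual:-<none>}" "$line"
    return 1
}

# check_home USER
# Runs the real checks from the message on a live system: /home itself,
# /home/USER, and every entry inside it (dotfiles included).
# Returns 1 if anything is labelled differently from the expected defaults.
check_home() {
    user=$1
    rc=0
    check_type "$(ls -Zd /home)" home_root_t || rc=1
    check_type "$(ls -Zd "/home/$user")" user_home_dir_t || rc=1
    for entry in "/home/$user"/* "/home/$user"/.[!.]*; do
        [ -e "$entry" ] || continue
        check_type "$(ls -Zd "$entry")" user_home_t || rc=1
    done
    return $rc
}

# Demonstration on constructed ls -Z lines (not output captured from a system).
demo() {
    check_type "drwxr-xr-x  root root system_u:object_r:home_root_t:s0 /home" home_root_t
    check_type "drwx------. kostas kostas system_u:object_r:user_home_dir_t:s0 /home/kostas" user_home_dir_t
    # A file with no label, which is what shows up for files created while
    # SELinux was disabled: it appears as unlabeled_t once SELinux is back on.
    check_type "-rw-------  kostas kostas system_u:object_r:unlabeled_t:s0 /home/kostas/.Xauthority" user_home_t
    # The "?" ls -Z prints when no context is available at all.
    check_type "-rw-------  kostas kostas ? /home/kostas/notes" user_home_t
}

demo || true
```

On a real system, `check_home kostas` performs the actual check. If it reports mismatches, `restorecon -Rv /home/kostas` resets the labels under that directory to the policy defaults, and `touch /.autorelabel` followed by a reboot is the way to have the whole filesystem relabelled, as the message suggests.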