SELinux
Kostas Sfakiotakis
kostassf at cha.forthnet.gr
Thu Jan 20 01:03:23 UTC 2011
On 20/01/2011 02:39 πμ, Tim wrote:
> Which, suggests, some checking of the normal permissions on that
> directory, and it's parent. Likewise, some checking for SELinux
> contexts. You can do that with the "ls -Z" command.
>
> ls -Zd /home ought to be:
drwxr-xr-x root root system_u:object_r:home_root_t:s0 /home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
Ok , with the home directory i don´t think that we have a problem
since the 2nd line represent what i got from ls -Zd /home
> ls -Zd /home/kostas ought to be:
>drwx------ kostas kostas system_u:object_r:user_home_dir_t:s0 /home/kostas
drwx------. kostas kostas unconfined_u:object_r:home_root_t:s0 /home/kostas
Again here the 2nd line represents my results ( from ls -Zd /home/kostas )
( am running the command as root )
It seems that am getting different results than the ones that u suggest
> And the contents inside your space (ls -Z /home/kostas), ought to
> be:
-rw------- kostas kostas unconfined_u:object_r:user_home_t:s0
> NB: You can have additional permissions (it might be executable, as
> well, or also readable by group or other users), but those would be
> the minimum.
>
>
> If you find that you're having a plethora of SELinux problems, it
> might be a good idea to let the system relabel the whole drive with
> the default contexts. If you've ever run the system with SELinux
> disabled, then that's one potential cause for the contexts to be
> miss-set (any file written during that time, wouldn't have them).
>
> If there's one thing that I really hate about SELinux, it's the
> hideous names that they gave to the contexts. They're not intuitive,
> nor convenient for typing by hand.
Well i had to rescue my system and SELinux did some relabeling .
In any case since the original problem was about Acrobat Reader , just
let me
say that the problem was fixed when the selinux-policy package was
updated as it was suggested .
More information about the users
mailing list