SELinux

Daniel J Walsh dwalsh at redhat.com
Fri Jan 21 14:34:06 UTC 2011


On 01/21/2011 09:12 AM, John Austin wrote:
> On Fri, 2011-01-21 at 08:49 -0500, Daniel J Walsh wrote:
>>
>> On 01/21/2011 08:31 AM, John Austin wrote:
>>> On Fri, 2011-01-21 at 07:42 -0500, Daniel J Walsh wrote:
>>> On 01/20/2011 05:12 PM, Genes MailLists wrote:
>>>>>> On 01/20/2011 05:02 PM, Genes MailLists wrote:
>>>>>>> On 01/20/2011 04:23 PM, Daniel J Walsh wrote:
>>>>>>>
>>>>>>>
>>>>>>>   If I want to run google chrome (say)-
>>>>>>>
>>>>>>>   I tried this:
>>>>>>>
>>>>>>>    mkdir -p sandbox-home/.config
>>>>>>>    rsync -av ~/.config/google-chrome ~/sandbox-home/.config
>>>>>>>
>>>>>>
>>>>>>   (1) Probably relevant - my default proxy is via ssh tunnel ... so I
>>>>>> guess I need to somehow allow access to those ports on localhost ? Where
>>>>>> would I do that ?
>>>>>>
>>>>>>   (2) To avoid this for now - I tried deleting the .config/google-chrome
>>>>>> so it would be a fresh first time run . same problem ... window starts
>>>>>> and exits.
>>>>>>
>>>>>>   Any suggestions ?
>>>>>>
>>>>>>   thanks!
>>>>>>
>>>>>>  g
>>> Let's figure out if this is a chromium problem or something else.  Does
>>>
>>> sandbox -X xterm
>>>
>>> Work?
>>> Hi
>>
>>> Just picking up on this thread - hope I don't confuse the issue
>>> F14 fully updated
>>> kdm, XFCE, NFS4 home directories, NIS
>>
>>> SELinux Enforcing
>>
>>> sandbox -X xterm fails for me
>>
>>> troubleshooter shows 3 problems
>>
>>> SELinux is preventing /usr/bin/Xephyr from using the signal access on a process
>>
>>> SELinux is preventing /usr/bin/Xephyr from search access on the directory /
>>
>>> SELinux is preventing /usr/bin/kdm from add_name access on the directory .Xauthority-c
>>
>>> ---------------
>>
>>> Setting SELinux Permissive still fails with the two Xephyr problems
>>
>>> In both cases the display flashes very briefly with a rectangular shape
>>
>>> John
>>
>> Is your homedir NFS?
>>
>>
> 
> Yes
> 
> I have
> global - Support NFS home dirs set true
> 
> F14 fully updated - today
> 
> kdm, XFCE, NFS4 home directories, NIS
> 
> John
> 
> 
> 
OK, we have just started supporting NFS in the Rawhide version.  Sorry.
I am not sure if I will backport it to F14 until I see some testing
on it.  I am concerned about how the kernel will handle bind mounts of
NFS on NFS.

One of the key features of sandbox is to create new directories in the
homedir and then bind mount them over ~/ and /tmp.  I am not quite sure
how this will play with NFS and automounter...



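A preflight check for the NFS home directory condition discussed in this message, as an added example that is not part of the original post or of the sandbox tool: it finds the filesystem type backing a path by longest mount-point match, so an automounted NFS home is detected too. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# fstype_for_path PATH [MOUNTS_FILE]
# Print the filesystem type of the mount backing PATH, chosen by the
# longest matching mount point; later entries win ties (over-mounts).
fstype_for_path() {
    path=$1
    mounts=${2:-/proc/self/mounts}
    awk -v p="$path" '
        {
            mp = $2
            gsub(/\\040/, " ", mp)   # spaces are escaped as \040
            if (mp == "/") hit = 1
            else hit = (p == mp || index(p, mp "/") == 1)
            if (hit && length(mp) >= best_len) {
                best_len = length(mp); best = $3
            }
        }
        END { if (best != "") print best; else exit 1 }
    ' "$mounts"
}

# home_is_nfs PATH [MOUNTS_FILE]: succeed if PATH lives on nfs or nfs4.
home_is_nfs() {
    case "$(fstype_for_path "$@")" in
        nfs|nfs4) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample mount table: autofs on /home, one user's NFSv4
# home mounted below it by the automounter.
sample_mounts() {
cat <<'EOF'
/dev/mapper/vg-root / ext4 rw,seclabel 0 0
tmpfs /tmp tmpfs rw,seclabel 0 0
auto.home /home autofs rw,relatime,indirect 0 0
server.example:/export/home/john /home/john nfs4 rw,relatime 0 0
EOF
}

# Check the live system before trying "sandbox -X".
if home_is_nfs "${HOME:-/}"; then
    echo "warning: $HOME is on NFS; sandbox bind mounts of ~/ may fail" >&2
fi
```

Pass a saved mount table as the second argument to check another host's layout offline.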