Craig White wrote:
On Fri, 2008-07-25 at 20:01 +, Mike wrote:
Thanks for all your help. By the way I think that generating some traffic
on this list concerning SELinux may also help other users think about
making things work rather than switching off SELinux as may have done in the
Todd Denniston wrote:
Stuart
Thanks for the recipe.
you're welcome
if /rootlockeddown/ is on NFS, would the following command do part of
what is needed? (yet more complexity, but then we do have a real world
to live in :)
setsebool -P use_nfs_home_dirs=1
seems that it might. It
Stuart Sears wrote:
Todd Denniston wrote:
Stuart
Thanks for the recipe.
you're welcome
if /rootlockeddown/ is on NFS, would the following command do part of
what is needed? (yet more complexity, but then we do have a real world
to live in :)
setsebool -P use_nfs_home_dirs=1
seems that
On Fri, 2008-07-25 at 20:01 +, Mike wrote:
Thanks for all your help. By the way I think that generating some traffic
on this list concerning SELinux may also help other users think about
making things work rather than switching off SELinux as may have done in the
past.
no doubt - and
Tim ignored_mailbox at yahoo.com.au writes:
I would imagine that the SELinux contexts are wrong. They're applied to
expected filepaths (home space contexts for the usual /home/username/
filepaths), I imagine that they won't get applied across symlinks, as
it'd be too easy for someone to
Mike wrote:
Tim ignored_mailbox at yahoo.com.au writes:
I would imagine that the SELinux contexts are wrong. They're applied to
expected filepaths (home space contexts for the usual /home/username/
filepaths), I imagine that they won't get applied across symlinks, as
it'd be too easy for
Stuart Sears stuart at sjsears.com writes:
how, exactly?
These are the labels on my system (using ls -Z):
/home/* system_u:object_r:user_home_dir_t:s0
/home/USER/* system_u:object_r:user_home_t:s0
/home system_u:object_r:home_root_t:s0
whereas files in /opt/local seem
Mike mike.cloaked at gmail.com writes:
1. yum install setroubleshoot
2. service setroubleshoot start
3. then ssh in
4. look in /var/log/messages on your machine for lines containing 'sealert'
(or just run sealert -b if you have a graphical desktop)
I changed the context and tried
Mike mike.cloaked at gmail.com writes:
The sealert output is:
host=lapmike2 type=AVC msg=audit(1216928753.73:112): avc: denied { search }
for pid=5282 comm=sshd name=Local dev=sda8 ino=1241537
scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0
On Thu, 2008-07-24 at 19:51 +, Mike wrote:
Dave Burns tburns at hawaii.edu writes:
That's some heavy lifting. The cheat I tend to use is
grep sealert /var/log/messages
SELinux puts stuff in the log that includes a suggestion to run its
utility sealert with appropriate
Craig White craigwhite at azapple.com writes:
you probably want to check with the selinux list
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
You may well be right...
Craig White craigwhite at azapple.com writes:
$ ls -lZ /home/craig/.ssh
-rw--- craig craig user_u:object_r:user_home_t client.id_dsa.key
-rw--- craig craig user_u:object_r:user_home_t id_dsa
-rw-rw-r-- craig craig unconfined_u:object_r:user_home_t id_dsa.keystore
-rw-r--r--
On Thu, 2008-07-24 at 22:13 +, Mike wrote:
Craig White craigwhite at azapple.com writes:
No - you really need a better solution because if anything/anyone
relabels, the current policy will trash those settings.
Personally, I think you should probably mount what is /opt as /home and
Todd Denniston wrote:
[ edited. Any context errors resulting are all mine :) ]
I can agree with that, but how do you convince SEL that you desire
/rootlockeddown/user/authorized_keys to be a valid place for sshd
to read? note /rootlockeddown/ is not where home directories are, it
is where the
On Thu, 2008-07-24 at 20:09 +, Mike wrote:
I ran sealert -b and followed the advice therein -
I did
restorecon -R /opt/*
restorecon restores default contexts for that location, but you're
using non-default contexts. For non-standard uses you need to set your
own needed contexts
I have just done a clean f9 install on a laptop where the user areas are
on a separate partition (/opt/Local/home) on the HD.
Having left SELinux on after the install I did my usual post-install
change of doing as root:
cd /
mv home home.dist
ln -s /opt/Local/home .
Now /home is a symlink to
On Wed, 2008-07-23 at 21:36 +, Mike wrote:
I have just done a clean f9 install on a laptop where the user areas are
on a separate partition (/opt/Local/home) on the HD.
Having left SELinux on after the install I did my usual post-install
change of doing as root:
cd /
mv home home.dist