On 06/05/2017 02:09 PM, Walter H. wrote:
On 05.06.2017 16:34, Ed Greshko wrote:
That is documentation from F14 and is way out of date.
Of course, and it didn't meet my needs, as there must be a user logged on ...
Again, late hour, I should have also mentioned that the AVC messages are
held in /var/log/audit/audit.log

You can grep on type=AVC in the file to see if you're getting the errors
that I noted.  I fixed it by following the troubleshooting advice of the
seapplet.  I had to run, as root,

  ausearch -c 'systemd' --raw | audit2allow -M my-systemd
  semodule -X 300 -i my-systemd.pp

a couple of times since there were 2 distinct AVCs: a deny on unlink
and a deny on open.
I did it this way: stored the following to e.g. bugfix.tt

module systemd_vnc_bugfix 1.0.0;

require {
        type user_home_t;
        type init_t;
        class file { open read unlink };
}

#============= init_t ==============
allow init_t user_home_t:file { open read unlink };


This looks like the file that is labeled user_home_t is mislabeled. This indicates a file stored in your homedir.
I don't think systemd is open/read/unlink files in homedir.
and then

checkmodule -M -m -o bugfix.mod bugfix.tt
semodule_package -o bugfix.pp -m bugfix.mod
semodule -X 300 -i bugfix.pp

Thanks for your help, hints,
now it's working with SELinux = enforcing

Greetings from Austria,
Walter
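
One way to review which distinct denials the audit2allow step in this thread would turn into rules before loading the module. This is an added example, not code from the thread; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1496671201.101:310): avc:  denied  { unlink } for  pid=1 comm="systemd" name="example.pid" dev="dm-2" ino=1001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1496671201.101:310): arch=c000003e syscall=87 success=no exit=-13 comm="systemd"
type=AVC msg=audit(1496671262.412:325): avc:  denied  { open } for  pid=1 comm="systemd" path="/home/example/example.pid" dev="dm-2" ino=1001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1496671323.007:341): avc:  denied  { open } for  pid=1 comm="systemd" path="/home/example/example.pid" dev="dm-2" ino=1001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

# Matches a denied AVC record and captures permissions, contexts and class.
AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize_denials(log_text, comm=None):
    """Group AVC denials into {(source_type, target_type, class): {perm: count}}."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH and other record types are skipped
        if comm is not None and f'comm="{comm}"' not in line:
            continue
        key = (selinux_type(m["scontext"]), selinux_type(m["tcontext"]), m["tclass"])
        for perm in m["perms"].split():
            summary[key][perm] += 1
    return {k: dict(v) for k, v in summary.items()}

def to_allow_rules(summary):
    """Render the rules a generated module would need, for review before loading."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(summary.items())
    ]

if __name__ == "__main__":
    for rule in to_allow_rules(summarize_denials(SAMPLE_LOG, comm="systemd")):
        print(rule)
```

On a real system, pass the contents of /var/log/audit/audit.log instead of SAMPLE_LOG. A target type such as user_home_t in the output is the cue, raised in the thread, to check the file's label before allowing the access.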



_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

