Not good

Gene Czarcinski gene at czarc.net
Fri Apr 2 09:28:21 UTC 2004


On Friday 02 April 2004 02:12, Russell Coker wrote:
> On Fri, 2 Apr 2004 08:28, Gene Czarcinski <gene at czarc.net> wrote:
> > OK, I updated with today's round of updates ... at least with respect to
> > selinux.  This includes the kernel, policy, policy-sources, and
> > policycoreutils.
> >
> > I then rebooted and ran "make reload" and "make relabel".  They seemed to
> > complete OK.  However, I cannot log in from gdm as root (!), a regular
> > user, or a user with a sysadm role defined ... I get an indication that
> > the home directory could not be found (including for root).
>
> What AVC messages do you get?

From /var/log/messages:

Apr  2 04:18:03 hummer gdm(pam_unix)[12970]: session opened for user czarcing by (uid=0)
Apr  2 04:18:03 hummer kernel: audit(1080897483.768:0): avc:  denied  { getattr } for  pid=12970 exe=/usr/bin/gdm-binary path=/home/czarcing dev=hda10 ino=1209338 scontext=system_u:system_r:xdm_t tcontext=czarcing:object_r:staff_home_dir_t tclass=dir
Apr  2 04:18:03 hummer gdm[12970]: gdm_slave_session_start: Home directory for czarcing: '/home/czarcing' does not exist!
Apr  2 04:18:09 hummer gdm(pam_unix)[12970]: session closed for user czarcing


>
> > BTW, what are the "right" circumstances for running "make relabel"?  I
> > have sometimes gotten an error saying it could not handle "/dev/tty1". 
> > Should I plan to do this from single-user-mode?
>
> The error regarding /dev/tty1 is intentional.  You don't want the terminal
> you are using to run setfiles to be relabeled, that would get in the way of
> other tasks you might want to perform before logging out.

Then this needs to be done better ... it looks like everything stops when this 
occurs and that things did not complete.  Rather than saying it is an error, 
it needs to say what happened and what to do.

Additionally, I don't seem to get this "error" for /dev/tty1 every time I run 
"make relabel" ... only sometimes.  This does not make sense to me.

Gene
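
Added example, not part of the original message: a Python script that parses the AVC denial from the /var/log/messages excerpt in this message (tolerating mail-wrapped lines) and pairs it with gdm's "does not exist" report for the same PID and path. The function names are illustrative assumptions; the log text is the excerpt from the message.

```python
import re

# Log excerpt from the message above; line wrapping as a mail client leaves it.
SAMPLE = """\
Apr  2 04:18:03 hummer gdm(pam_unix)[12970]: session opened for user czarcing
by (uid=0)
Apr  2 04:18:03 hummer kernel: audit(1080897483.768:0): avc:  denied  {
getattr } for  pid=12970 exe=/usr/bin/gdm-binary path=/home/czarcing
dev=hda10 ino=1209338 scontext=system_u:system_r:xdm_t
tcontext=czarcing:object_r:staff_home_dir_t tclass=dir
Apr  2 04:18:03 hummer gdm[12970]: gdm_slave_session_start: Home directory for
czarcing: '/home/czarcing' does not exist!
Apr  2 04:18:09 hummer gdm(pam_unix)[12970]: session closed for user czarcing
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
GDM_HOME = re.compile(r"gdm\[(\d+)\]: .*'([^']+)' does not exist")

def unwrap(text):
    """Rejoin continuation lines: a new record starts with a syslog timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_avc(record):
    """Return the denial as a dict, or None if the record is not an AVC denial."""
    m = AVC.search(record)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = m.group(1).split()
    fields["source_type"] = fields["scontext"].split(":")[2]
    fields["target_type"] = fields["tcontext"].split(":")[2]
    return fields

def explain_missing_home(text):
    """Denials whose PID and path match a gdm 'does not exist' message."""
    records = unwrap(text)
    denials = [d for d in map(parse_avc, records) if d]
    found = [GDM_HOME.search(r) for r in records]
    return [d for m in found if m for d in denials
            if d["pid"] == m.group(1) and d.get("path") == m.group(2)]
```

On this excerpt the only match is the `getattr` denial for `xdm_t` on a `staff_home_dir_t` directory, logged in the same second as gdm's home-directory message.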




