trying to understand SELinux message

Paul Allen Newell pnewell at cs.cmu.edu
Mon Nov 16 05:47:43 UTC 2009 

Mr. Teo En Ming (Zhang Enming) wrote:
> On Mon, Nov 16, 2009 at 1:09 PM, Paul Allen Newell <pnewell at cs.cmu.edu> wrote:
>   
>> Hello:
>>
>> I just upgraded two of my systems to latest yum update
>> (2.6.30.9-96.fc11.i686.PAE) with the hopes that the CD and DVD issues have
>> been resolved (they have, almost, but thats a separate bugzilla report).
>>
>> What I am querying about in this email is a message that I am seeing when I
>> log in as root (yes, I know the caveats and try to respect, but I always
>> make sure the ability is there if I need it). I log in from the start page
>> GUI and there are no problems until, after a couple of seconds later, a
>> pop-up from the "star icon in the upper right" says I got problems. I open
>> it up and it says:
>>
>> "SELinux is preventing the gdm-session-wor from using potentially mislabeled
>> files (/root)."
>>
>> Okay, that's nice to know, but I have no idea what it is trying to tell me
>> needs to be fixed. I've got a couple files in the home directory but nothing
>> looks funny about them (*.txt cut-and-paste of yum update/installs and an
>> html of "how-to-install f11 from scratch").
>>
>> I have edited both /etc/pam.d/gdm and /etc/pam.d/gdm-password per Fedora
>> website instructions to allow root access.
>>
>> Closer inspection says that I first began getting this message on 20jun09
>> after a yum update (I did original f11 install at the beginning of June). I
>> just hadn't noticed it since I don't often log in as root, though I do
>> remember seeing something in the summer and figuring it was a glip that
>> would get fixed in future updates).
>>
>> Any suggestions as to what I should be looking for to get rid of this
>> message ... if I do indeed actually need to pay attention to it. If there is
>> more info I can provide, please let me know what it is and how to get it and
>> I will gladly post such.
>>
>> Thanks in advance,
>> Paul
>>
>>
>> --
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>>
>>     
>
> You can try to disable SELinux in /etc/selinux/config or in
> /boot/grub/grub.conf.
>
> In /etc/selinux/config, change SELinux to DISABLED.
>
> OR
>
> In /boot/grub/grub.conf, add selinux=0 to the kernel line.
>
> E.g. kernel /vmlinuz ro root=/dev/sda2 selinux=0
>
> You shouldn't start X server or login to GNOME as root.
>
>
>   
My thanks for the prompt reply. I am not certain why I would want to 
disable SELinux as it clearly is part of the Fedora package and is 
trying to tell me that something isn't right.

Yes, I know I should not start X server or login as root ... and that is 
not my normal work habit. But I would expect that I should still be able 
to do such and not have SELinux bark unless there was something wrong. 
It is the "what is wrong" that I am trying to understand and correct.

Paul

More information about the fedora-list mailing list