On Sun, November 24, 2013 20:08, Timothy Murphy wrote:
I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop?
In any case, I googled for the message, and this threw up dozens of similar queries over many years. Most of the ones I read offered methods of avoiding the problem rather than solving it.
Am I right in thinking the message arises from my remote connection?
Yes. It arises from your ssh connection. You are probably using the -Y or -X option with xauth.
And if so, is there a simple solution?
Perhaps. The error you have is caused by one of two things: 1. incorrect SELinux settings on the ~/.Xauthority file or your home directory. Run restorcon -vR ~ to fix those. 2. incorrect ownership or permissions on ~/.Xauthority.
The second condition can also be triggered by logging in via ssh as one user and su -l to another on the remote host. In my case I find that the second circumstance is the most frequent cause of the exact error you report.
HTH
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/25/2013 08:50 AM, James B. Byrne wrote:
On Sun, November 24, 2013 20:08, Timothy Murphy wrote:
I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop?
In any case, I googled for the message, and this threw up dozens of similar queries over many years. Most of the ones I read offered methods of avoiding the problem rather than solving it.
Am I right in thinking the message arises from my remote connection?
Yes. It arises from your ssh connection. You are probably using the -Y or -X option with xauth.
And if so, is there a simple solution?
Perhaps. The error you have is caused by one of two things: 1. incorrect SELinux settings on the ~/.Xauthority file or your home directory. Run restorcon -vR ~ to fix those. 2. incorrect ownership or permissions on ~/.Xauthority.
The second condition can also be triggered by logging in via ssh as one user and su -l to another on the remote host. In my case I find that the second circumstance is the most frequent cause of the exact error you report.
HTH
What AVC messages are you getting?
-
Daniel J Walsh -
James B. Byrne