I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop?
In any case, I googled for the message, and this threw up dozens of similar queries over many years. Most of the ones I read offered methods of avoiding the problem rather than solving it.
Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution?
On 25 November 2013 01:08, Timothy Murphy gayleard@eircom.net wrote:
I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop?
In any case, I googled for the message, and this threw up dozens of similar queries over many years. Most of the ones I read offered methods of avoiding the problem rather than solving it.
Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution?
Too little information at present to tell.
Does it work if the system is in permissive?
Did you ever have the system in disabled and then switched to permissive/enforcing?
Do you have xauth installed?
9 times out of 10 with this message it's just that there is no (or incorrect) .Xauthority so the X server rightfully denies the untrusted connection.
James Hogarth wrote:
I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop?
..
Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution?
Too little information at present to tell.
Does it work if the system is in permissive?
The CentOS server is running with SELinux in permissive mode. I would prefer to run it in enforcing mode, and to that end would like to solve the problem above.
Did you ever have the system in disabled and then switched to permissive/enforcing?
No, CentOS-6.4 was recently installed, and the system has always been in permissive mode.
Do you have xauth installed?
This is the response to "yum install xauth": Package 1:xorg-x11-xauth-1.0.2-7.1.el6.x86_64 already installed and latest version
9 times out of 10 with this message it's just that there is no (or incorrect) .Xauthority so the X server rightfully denies the untrusted connection.
On the server =================== [tim@grover ~]$ ls -lsZ .Xauthority -rw-------. tim tim unconfined_u:object_r:xauth_home_t:s0 .Xauthority =================== Same on the connecting laptop =================== [tim@rose ~]$ ls -lsZ .Xauthority -rw-------. tim tim unconfined_u:object_r:xauth_home_t:s0 .Xauthority =================== Incidentally, if there was something wrong with .Xauthority shouldn't sealert point this out?
On 25 November 2013 11:15, Timothy Murphy gayleard@eircom.net wrote:
James Hogarth wrote:
I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop?
..
Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution?
Too little information at present to tell.
Does it work if the system is in permissive?
The CentOS server is running with SELinux in permissive mode. I would prefer to run it in enforcing mode, and to that end would like to solve the problem above.
Just to be clear - does it work (X forwarding) as it is now with the system in permissive mode ... Does it only fail after you go setenforce 1 ?
James Hogarth wrote:
I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop?
..
Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution?
Too little information at present to tell.
Does it work if the system is in permissive?
The CentOS server is running with SELinux in permissive mode. I would prefer to run it in enforcing mode, and to that end would like to solve the problem above.
Just to be clear - does it work (X forwarding) as it is now with the system in permissive mode ... Does it only fail after you go setenforce 1 ?
The system works perfectly (with X forwarding) in permissive mode. I haven't tried it in enforcing mode, as it is a remote server and it would be inconvenient if I could not communicate with it.
It has been suggested to me that the problem has nothing to do with selinux. The reason I thought there was a connection is that the warning only appears in the output of sealert.
-
James Hogarth -
Timothy Murphy