[CentOS] ltsp & Selinux

Mon Nov 25 13:57:22 UTC 2013
Daniel J Walsh <dwalsh at redhat.com>

On 11/25/2013 07:26 AM, Johan Vermeulen wrote:
> Hello All,
> 
> I set up ltsp regularly, on Centos6 machines.
> 
> This morning I have a Selinux problem that usually does not occur: after
> setting everything up, the thinclients boot, but nobody can log in.
> 
> It only works after the command :
> 
> # echo 0 > /selinux/enforce
> 
> I tried this semanage command:
> 
> # semanage fcontext -a -t bin_t /usr/bin/xauth
> 
> but it makes no difference.
> 
> The message I'm now seeing in /var/log/audit/audit.log :
> 
> type=AVC msg=audit(1385112688.399:67769): avc:  denied  { write } for 
> pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 
> scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL
> msg=audit(1385112688.399:67769): arch=c000003e syscall=2 success=no
> exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217 pid=8218
> auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500
> fsgid=500 tty=(none) ses=9 comm="xauth" exe="/usr/bin/xauth" 
> subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
> 
> Can anybody help me overcome this without disabling Selinux?
> 
> Many thanks. Greetings, J.
> 
The problem here is the directory caw is mislabeled.

restorecon -R -v /home

Should fix its label.
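
How the denial quoted above points at a labeling problem rather than a missing policy rule, as an added example that is not part of the original thread: the script parses the AVC record and checks the target type. The function names and the triage heuristic are assumptions of this example; the heuristic relies on the default targeted policy labeling /home itself as home_root_t and the directories below it as user_home_dir_t.

```python
import re

# Constructed from the AVC record quoted in the post (SYSCALL half omitted).
SAMPLE_AVC = (
    'type=AVC msg=audit(1385112688.399:67769): avc:  denied  { write } for '
    'pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 '
    'scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level may itself contain ':'.
    rec['source_type'] = rec['scontext'].split(':', 3)[2]
    rec['target_type'] = rec['tcontext'].split(':', 3)[2]
    return rec


def triage(rec):
    """Heuristic (assumption of this example): home_root_t belongs to /home
    itself, so any other directory carrying it was likely never relabeled."""
    if (rec['tclass'] == 'dir' and rec['target_type'] == 'home_root_t'
            and rec.get('name') not in (None, 'home')):
        return 'mislabeled-target'
    return 'needs-review'


if __name__ == '__main__':
    rec = parse_avc(SAMPLE_AVC)
    print('%s denied %s on %s "%s" labeled %s -> %s' % (
        rec['source_type'], ','.join(rec['perms']), rec['tclass'],
        rec['name'], rec['target_type'], triage(rec)))
```

A 'mislabeled-target' result is the case the reply addresses with restorecon -R -v /home; anything else needs a closer look before changing labels or policy.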