When SELinux is set to enforcing, startx will not bring up the user GUI

Question

I have a machine (CentOS) that is using SELinux that must be set to enforcing (in MLS mode), I want to be able to go into the gui to show the system works in a gui setting for people who don't use a terminal.

When I type in startx (after it hangs for a minute) I get this:

xauth: timeout in locking authority file /root/.serverfile.3345
xauth: timeout in locking authority file /root/.Xauthority

Is there a module that I can install that will allow for me to bring up the gui when the system is set to enforcing? When the system was in permissive startx would bring up the gui, so I know that it works I'm not 100% positive on the correct settings to get this to happen.

score 0 · Answer 1 · answered May 04 '17 at 01:01

Are you sure all files are appropriately labeled?

First suggestion (as root) issue the command

 fixfiles onboot

Then reboot which will fix problematic SELinux labeling and see if you still have the problem.

If that doesn't work, then look at /var/log/messages after installing the setroubleshoot packages to debug the problem in the labeling.

score 0 · Answer 2 · answered May 04 '17 at 06:52

0

You have to look at /var/log/audit/audit.log for DENY messages. You can do that using cat var/log/audit/audit.log | audit2allow

Anyway, SELINUX in MLS mode is very restrictive. There is a reason you are not using the much more common TARGETED mode?

answered May 04 '17 at 06:52

shodanshok

47,711
7
111
180

When SELinux is set to enforcing, startx will not bring up the user GUI

2 Answers2