Firefox 3 Release

According to Spread Firefox the official release time for Firefox 3.0 will be at 10AM PST, so 1PM EST (for me). Are you excited? Really excited? Well if you are, I feel sorry for you ;-)

I took a note from Chris Blizzard and cheated by downloading already by typing out the full URL into a mirror (no, I didn’t use a link).

Unfortunately for Fedora 9 users I haven’t seen any notice of an update (Fedora 8 no clue). Perhaps it will be available in a day or so? Still bugs to deal with? There was a tip for Fedora/Linux users:

a) disable "Tell me if the site I'm visiting is a suspected attack site/forgery"
in Preferences->Security
b) remove the urlclassifier* files in ~/.mozilla/firefox/profile
(while FF is not running)

Not sure if it works, I haven’t tested it – yet.

Otherwise as a last general tip for people who are upgrading/updating straight from Firefox 2.0.x to Firefox 3, I would recommend at least backing up your Mozilla/Firefox profile and settings (just in case):

# cp -a ~/.mozilla/ ~/moz_prof_pre_ff3

Windows users (yes, I still use it), back up:
C:\Documents and Settings\USERNAME\Application Data\Mozilla

Otherwise, I guess FF3 is very nice for the massive updates on the insides (security, rendering, support, speed, memory, etc.) although I find the some of the user interfaces changes annoying as all ‘heck’. I’m sure they’ll grow on me just like I’ve learned to tolerate many of the often bass-ackwards gui changes the Mozilla team has implemented over the years.

Happy Firefox-ing.

SELinux Preventing SSH Passwordless Login

Since upgrading to Fedora 9, I am trying much harder to work with SELinux. For the most part it is pretty easy.

I am using passwordless SSH logins between my CentOS 5.1 server and my Fedora 9 desktop. Since my Fedora 8 never used SELinux, all my file contexts were “wrong” when I mounted my /home partition. I noticed the following error when I tried to ssh from my server to Fedora (I read /var/log/messages):

setroubleshoot: SELinux is preventing access to files with the label, file_t.
For complete SELinux messages. run sealert -l f414b4c3-ed13-4b83-8a67-3df599e16723

Realizing this is a file context issue, I am pretty sure that a “relabel” (touch /.autorelabel; reboot) would fix this. However I don’t want to reboot at the moment. I ran the above recommendation (I am shortening the output here):

[mirandam@charon ~]$ sealert -l f414b4c3-ed13-4b83-8a67-3df599e16723

Summary:
SELinux is preventing access to files with the label, file_t.

Allowing Access:
You can execute the following command as root to relabel your computer system:
touch /.autorelabel; reboot

Additional Information:
Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:file_t:s0
Target Objects                /home/mirandam/.ssh/authorized_keys [ file ]

Raw Audit Messages
host=charon.lunar type=AVC msg=audit(1213619507.698:11): avc:  denied  { getattr } for  pid=2396
 comm=sshd path=/home/mirandam/.ssh/authorized_keys dev=sda13 ino=2950756 
scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file

Simple fix (without reboot):

[mirandam@charon ~]$ /sbin/restorecon -v ~/.ssh/authorized_keys

While this was not a serious problem (I was still able to login to SSH by using password), the above steps of reading the logs and following recommendations should remedy most SELinux issues. If you are logged into your desktop console directly (e.g. GNOME) – I was not, the SELinux Troubleshooter would help with all of the above with graphical tools.