Bug 1004000

Summary: SELinux is preventing /usr/lib/systemd/systemd-logind from 'search' accesses on the directory .X11-unix.
Product: [Fedora] Fedora
Reporter: Rajkumar <rajgfx>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 19
CC: dominick.grift, dwalsh, lvrabec, mgrepl, rajgfx
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:0a8f0585f6f59a443c9e338a67bb968f3030f1d29ac5b6c6e15408daa16c73dd
Doc Type: Bug Fix
Last Closed: 2013-10-25 10:20:55 UTC

Description Rajkumar 2013-09-03 16:57:03 UTC
Description of problem:
When Fedora 19 is updated to 3.10.10 the sky fell loose. I was using KDE Plasma along with Fedora 19. After the update KDE began to show errors, viz. no animation, no sound, etc. Actually the sound is gone from Fedora 19 too. A very long boot time is also there with a prompt to enter Ctrl+D; I am using Ctrl+Alt+Del to start to the Plymouth boot screen. Even for shutting down it is asking for authentication. A complete mess.
SELinux is preventing /usr/lib/systemd/systemd-logind from 'search' accesses on the directory .X11-unix.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that systemd-logind should be allowed search access on the .X11-unix directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:systemd_logind_t:s0
Target Context                system_u:object_r:xserver_tmpfs_t:s0
Target Objects                .X11-unix [ dir ]
Source                        systemd-logind
Source Path                   /usr/lib/systemd/systemd-logind
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           systemd-204-9.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-73.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.9-200.fc19.x86_64 #1 SMP Wed
                              Aug 21 19:27:58 UTC 2013 x86_64 x86_64
Alert Count                   11
First Seen                    2013-09-03 21:31:11 IST
Last Seen                     2013-09-03 22:11:03 IST
Local ID                      77a2eb7b-77d6-4e30-9e09-5b19044c2d6b

Raw Audit Messages
type=AVC msg=audit(1378226463.863:481): avc:  denied  { search } for  pid=558 comm="systemd-logind" name=".X11-unix" dev="tmpfs" ino=17382 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xserver_tmpfs_t:s0 tclass=dir


type=SYSCALL msg=audit(1378226463.863:481): arch=x86_64 syscall=access success=no exit=EACCES a0=7fae83b491c0 a1=0 a2=30 a3=7fae80a247d8 items=0 ppid=1 pid=558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=systemd-logind exe=/usr/lib/systemd/systemd-logind subj=system_u:system_r:systemd_logind_t:s0 key=(null)

Hash: systemd-logind,systemd_logind_t,xserver_tmpfs_t,dir,search

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.9-200.fc19.x86_64
type:           libreport

Potential duplicate: bug 902168

Comment 1 Miroslav Grepl 2013-09-03 18:59:46 UTC
Where is .X11-unix located?

# ls -lZ /tmp/.X11-unix -d
drwxrwxrwt. root root system_u:object_r:xdm_tmp_t:s0   /tmp/.X11-unix

Comment 2 Daniel Walsh 2013-09-04 13:31:41 UTC
Might be a labelling issue on the system.  Could /tmp be labeled tmpfs_t?

Comment 3 Rajkumar 2014-06-23 02:58:20 UTC
I have upgraded to Heisenbug. But the problem still exists. I have installed KDE Plasma along with Heisenbug. There is Windows 7 installed too. When the PC boots into Fedora 20, it does not show the login screen. On hitting Ctrl+Alt+Del, it restarts and goes on to the login screen without trouble. Always I have to restart it.
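
The label question raised in Comments 1 and 2 can be checked directly against the AVC record in the description. The following is an added example, not part of the original report or of setroubleshoot: it parses the denial, rebuilds the key in the field order of the report's "Hash:" line, and flags a target type that differs from the one Comment 1 shows for /tmp/.X11-unix. Treating that label as the expected one is an assumption, and the function names are illustrative.

```python
import re

# The AVC record from the bug description (copied from the page).
AVC_LINE = ('type=AVC msg=audit(1378226463.863:481): avc:  denied  { search } for  '
            'pid=558 comm="systemd-logind" name=".X11-unix" dev="tmpfs" ino=17382 '
            'scontext=system_u:system_r:systemd_logind_t:s0 '
            'tcontext=system_u:object_r:xserver_tmpfs_t:s0 tclass=dir')
# Assumption: the label Comment 1 shows for /tmp/.X11-unix is the expected one.
EXPECTED_TTYPE = "xdm_tmp_t"

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field of user:role:type[:level]; the level may contain ':'."""
    parts = context.split(":", 3)
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one 'avc: denied' audit line into a dict; None for any other record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: val.strip('"') for key, val in FIELD_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    rec["stype"] = context_type(rec.get("scontext", ""))
    rec["ttype"] = context_type(rec.get("tcontext", ""))
    return rec


def triage(line, expected_ttype=EXPECTED_TTYPE):
    """Summarise a denial and flag a target label that differs from the expected one."""
    rec = parse_avc(line)
    if rec is None:
        return None
    key = ",".join([rec.get("comm", "?"), str(rec["stype"]), str(rec["ttype"]),
                    rec.get("tclass", "?"), *rec["perms"]])
    return {
        "key": key,  # same field order as the report's "Hash:" line
        "target": rec.get("name"),
        "on_tmpfs": rec.get("dev") == "tmpfs",
        "label_mismatch": rec["ttype"] != expected_ttype,
    }


if __name__ == "__main__":
    print(triage(AVC_LINE))
```

For the record above, `label_mismatch` and `on_tmpfs` are both true, which is the situation Comment 2 asks about; checking the directory's label is the step to take before loading a module generated by audit2allow.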