Bug 1114193
| Summary: | SELinux is preventing /usr/bin/xauth from 'write' accesses on the directory . | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Juan Orti <jorti> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | dominick.grift, dwalsh, jorti, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:612a5bb6a0e069f739ba4e7002c2259afa612ca6f48f139f7493e64a987d8cbe | ||
| Fixed In Version: | selinux-policy-3.12.1-177.fc20 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-07-19 05:59:48 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Where is sddm under /run? find /run -name sddm 9b12fab122fd6dacb92c0fe22241142dad7922e0 adds labeling for /var/run/sddm selinux-policy-3.12.1-177.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-177.fc20 # find /run -name sddm /run/sddm Package selinux-policy-3.12.1-177.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-177.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-8390/selinux-policy-3.12.1-177.fc20 then log in and leave karma (feedback). selinux-policy-3.12.1-177.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: Starting sddm SELinux is preventing /usr/bin/xauth from 'write' accesses on the directory . ***** Plugin catchall (100. confidence) suggests ************************** If cree que de manera predeterminada, xauth debería permitir acceso write sobre directory. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep xauth /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xauth_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_run_t:s0 Target Objects [ dir ] Source xauth Source Path /usr/bin/xauth Port <Unknown> Host (removed) Source RPM Packages xorg-x11-xauth-1.0.7-4.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-171.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.15.0-1.fc20.x86_64 #1 SMP Tue Jun 17 21:48:04 CEST 2014 x86_64 x86_64 Alert Count 10 First Seen 2014-06-28 14:37:54 CEST Last Seen 2014-06-28 14:38:12 CEST Local ID 962e027b-c145-49eb-9994-b06bae74dc43 Raw Audit Messages type=AVC msg=audit(1403959092.698:582): avc: denied { write } for pid=3021 comm="xauth" name="sddm" dev="tmpfs" ino=19637 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=SYSCALL msg=audit(1403959092.698:582): arch=x86_64 syscall=open success=no exit=EACCES a0=7ffffb002590 a1=c1 a2=180 a3=8 items=0 ppid=3020 pid=3021 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xauth exe=/usr/bin/xauth subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null) Hash: xauth,xauth_t,var_run_t,dir,write Additional info: reporter: libreport-2.2.2 hashmarkername: setroubleshoot kernel: 3.15.0-1.fc20.x86_64 type: libreport Potential duplicate: bug 710811