Bug 1139615

Summary: pam_systemd causes AVC for ThinLinc
Product: Red Hat Enterprise Linux 7 Reporter: Karl Mikaelsson <derfian>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: mgrepl, mmalik, ovasik
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-17.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 10:40:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Karl Mikaelsson 2014-09-09 10:50:37 UTC 
Same as https://bugzilla.redhat.com/show_bug.cgi?id=1122013 for RHEL7. Quoting the problem description from that bug:

> pam_systemd is messing around with the given $DISPLAY, causing this AVC:
> 
> > type=AVC msg=audit(1406027132.689:67802): avc:  denied  { search } for pid=4487 comm="tl-session" name=".X11-unix" dev="tmpfs" ino=18235 scontext=system_u:system_r:thinlinc_session_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
>
> Commenting out pam_systemd gets rid of the audit message.
Comment 2 Miroslav Grepl 2014-12-02 13:13:27 UTC 
Has been back ported.
Comment 6 Karl Mikaelsson 2015-02-23 12:43:12 UTC 
Any updates on this? The activity on this bug suggests a fix was ready for a while.
Comment 8 errata-xmlrpc 2015-03-05 10:40:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0458.html