Bug 117115
| Summary: | Problem running programs what need root privileges as normal user in X | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Vaclav "sHINOBI" Misek <misek> |
| Component: | policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | bmillett, ronny-rhbugzilla, schwandter+bugs |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | athlon | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-04-04 20:38:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The long list of avc denied messages when trying to start programs
with consolehelper
avc: denied { read } for pid=5899 exe=/usr/bin/consolehelper-gtk
name=.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:home_root_t tclass=file
avc: denied { getattr } for pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:user_t tcontext=system_u:object_r:home_root_t
tclass=file
avc: denied { read } for pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1 dev=hda3 ino=543665 scontext=user_u:user_r:user_t
tcontext=user_u:object_r:home_root_t tclass=file
avc: denied { getattr } for pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.fonts.cache-1 dev=hda3 ino=543665
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
avc: denied { create } for pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs scontext=user_u:user_r:user_t
tcontext=user_u:object_r:home_root_t tclass=file
avc: denied { write } for pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
avc: denied { link } for pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
avc: denied { unlink } for pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
avc: denied { rename } for pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.NEW dev=hda3 ino=543666
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
avc: denied { write } for pid=5901 exe=/usr/X11R6/bin/xauth
name=ronny dev=hda3 ino=543603 scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
avc: denied { add_name } for pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
avc: denied { create } for pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
avc: denied { link } for pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
avc: denied { write } for pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
avc: denied { read } for pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
avc: denied { getattr } for pid=5901 exe=/usr/X11R6/bin/xauth
path=/home/ronny/.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
avc: denied { remove_name } for pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
avc: denied { unlink } for pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
avc: denied { create } for pid=5900 exe=/usr/sbin/userhelper
name=.xauthCfdwAA scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
avc: denied { setattr } for pid=5900 exe=/usr/sbin/userhelper
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
avc: denied { link } for pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA-c dev=hda3 ino=227161
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
avc: denied { write } for pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
avc: denied { read } for pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
avc: denied { getattr } for pid=5902 exe=/usr/X11R6/bin/xauth
path=/root/.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
avc: denied { unlink } for pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
*** Bug 117200 has been marked as a duplicate of this bug. *** Fixed in policy-1.9-18.src.rpm Hmm, strange, I'm still observing the same behavior with updated system to rawhide from 1st April (policy-1.9.2-1). I tried to run fixfiles relabel and then reboot without any change. You need to upgrade the version of usermode to 1.70-2 If you want to run up2date, that also needs an update. Dan Yes, this issue seems to be resolved, therefore I'm closing it with Rawhide |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040217 Description of problem: When I try to start any program, what needs root privileges (like system config tools, xmtr etc.), there appear dialog requesting for root pasword. After entering password, there is error message "Could not set exec context to user_u:sysadm_r:sysadm_t." Version-Release number of selected component (if applicable): policy-1.6-13 How reproducible: Always Steps to Reproduce: 1. run xmtr from xterm as non root user 2. enter root password 3. Actual Results: error message "Could not set exec context to user_u:sysadm_r:sysadm_t." Expected Results: No error message, programs should be run with root privileges (context should be set correctly). Additional info: