Bug 117115
Summary: | Problem running programs what need root privileges as normal user in X | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Vaclav "sHINOBI" Misek <misek> |
Component: | policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | bmillett, ronny-rhbugzilla, schwandter+bugs |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | athlon | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-04-04 20:38:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vaclav "sHINOBI" Misek
2004-02-28 19:52:35 UTC
The long list of avc denied messages when trying to start programs with consolehelper avc: denied { read } for pid=5899 exe=/usr/bin/consolehelper-gtk name=.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:user_t tcontext=system_u:object_r:home_root_t tclass=file avc: denied { getattr } for pid=5899 exe=/usr/bin/consolehelper-gtk path=/home/ronny/.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:user_t tcontext=system_u:object_r:home_root_t tclass=file avc: denied { read } for pid=5899 exe=/usr/bin/consolehelper-gtk name=.fonts.cache-1 dev=hda3 ino=543665 scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { getattr } for pid=5899 exe=/usr/bin/consolehelper-gtk path=/home/ronny/.fonts.cache-1 dev=hda3 ino=543665 scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { create } for pid=5899 exe=/usr/bin/consolehelper-gtk name=.fonts.cache-1.TMP-j1tcYs scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { write } for pid=5899 exe=/usr/bin/consolehelper-gtk path=/home/ronny/.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664 scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { link } for pid=5899 exe=/usr/bin/consolehelper-gtk name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664 scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { unlink } for pid=5899 exe=/usr/bin/consolehelper-gtk name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664 scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { rename } for pid=5899 exe=/usr/bin/consolehelper-gtk name=.fonts.cache-1.NEW dev=hda3 ino=543666 scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { write } for pid=5901 exe=/usr/X11R6/bin/xauth name=ronny dev=hda3 ino=543603 scontext=user_u:user_r:userhelper_t tcontext=system_u:object_r:home_root_t tclass=dir avc: denied { add_name } for pid=5901 exe=/usr/X11R6/bin/xauth name=.Xauthority-c scontext=user_u:user_r:userhelper_t tcontext=system_u:object_r:home_root_t tclass=dir avc: denied { create } for pid=5901 exe=/usr/X11R6/bin/xauth name=.Xauthority-c scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { link } for pid=5901 exe=/usr/X11R6/bin/xauth name=.Xauthority-c dev=hda3 ino=543664 scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { write } for pid=5901 exe=/usr/X11R6/bin/xauth name=.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:userhelper_t tcontext=system_u:object_r:home_root_t tclass=file avc: denied { read } for pid=5901 exe=/usr/X11R6/bin/xauth name=.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:userhelper_t tcontext=system_u:object_r:home_root_t tclass=file avc: denied { getattr } for pid=5901 exe=/usr/X11R6/bin/xauth path=/home/ronny/.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:userhelper_t tcontext=system_u:object_r:home_root_t tclass=file avc: denied { remove_name } for pid=5901 exe=/usr/X11R6/bin/xauth name=.Xauthority-c dev=hda3 ino=543664 scontext=user_u:user_r:userhelper_t tcontext=system_u:object_r:home_root_t tclass=dir avc: denied { unlink } for pid=5901 exe=/usr/X11R6/bin/xauth name=.Xauthority-c dev=hda3 ino=543664 scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:home_root_t tclass=file avc: denied { create } for pid=5900 exe=/usr/sbin/userhelper name=.xauthCfdwAA scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file avc: denied { setattr } for pid=5900 exe=/usr/sbin/userhelper name=.xauthCfdwAA dev=hda3 ino=227160 scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file avc: denied { link } for pid=5902 exe=/usr/X11R6/bin/xauth name=.xauthCfdwAA-c dev=hda3 ino=227161 scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file avc: denied { write } for pid=5902 exe=/usr/X11R6/bin/xauth name=.xauthCfdwAA dev=hda3 ino=227160 scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file avc: denied { read } for pid=5902 exe=/usr/X11R6/bin/xauth name=.xauthCfdwAA dev=hda3 ino=227160 scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file avc: denied { getattr } for pid=5902 exe=/usr/X11R6/bin/xauth path=/root/.xauthCfdwAA dev=hda3 ino=227160 scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file avc: denied { unlink } for pid=5902 exe=/usr/X11R6/bin/xauth name=.xauthCfdwAA dev=hda3 ino=227160 scontext=user_u:user_r:userhelper_t tcontext=user_u:object_r:sysadm_home_dir_t tclass=file *** Bug 117200 has been marked as a duplicate of this bug. *** Fixed in policy-1.9-18.src.rpm Hmm, strange, I'm still observing the same behavior with updated system to rawhide from 1st April (policy-1.9.2-1). I tried to run fixfiles relabel and then reboot without any change. You need to upgrade the version of usermode to 1.70-2 If you want to run up2date, that also needs an update. Dan Yes, this issue seems to be resolved, therefore I'm closing it with Rawhide |