Bug 119204
Summary: | ssh-agent and utemper want to write to $HOME/.xsession-errors, which is prohibited by policy | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Aleksey Nogin <aleksey> |
Component: | xinitrc | Assignee: | X/OpenGL Maintenance List <xgl-maint> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | dwalsh, than, twaugh |
Target Milestone: | --- | Keywords: | SELinux |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-10-22 14:35:22 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 119503 | ||
Bug Blocks: |
Description
Aleksey Nogin
2004-03-26 11:28:53 UTC
I am changing policy for xdm to dontaudit on writes to the $1_home_t, which should cause the xsession-errors file to be created on /tmp. Dan Will the xauth stuff still work? Just making sure. Well that actually looks like a bug also. Seems xdm is not transitioning to xauth_t, to allow it to write to the home dir. So I am trying to fix that also. If the transition happens properly xauth_t can write to the home dir and xdm will fail forcing it to write to /tmp dir. I believe that is the way it should work. Dan What about utemper? I am getting audit(1080711300.469:0): avc: denied { getattr } for pid=27008 exe=/usr/sbin/utempter path=/tmp/xses-aleksey.OU2533 dev=hda2 ino=343507 scontext=aleksey:staff_r:utempter_t tcontext=aleksey:object_r:staff_tmp_t tclass=file and I was getting similar write denied messages until I added an allow for them. kdebase just uses Xsession file in xinitrc. It assign it to correct component *** Bug 119506 has been marked as a duplicate of this bug. *** It would be nice if this could go in the release notes (the fact that your .xsession-errors in now in /tmp). Please try Fedora Core 3 test 2 or later, as this problem may be fixed now. If the problem persists, please update the status. Thanks in advance. |