Bug 119988

Summary: selinux audit messages
Product: [Fedora] Fedora
Reporter: Tim Waugh <twaugh>
Component: xscreensaver
Assignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: rawhide
CC: dwalsh, rvokal
Keywords: SELinux
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-05-03 21:19:36 UTC
Bug Blocks: 114961

Description Tim Waugh 2004-04-04 18:51:01 UTC
Description of problem:
I keep getting selinux audit messages

Version-Release number of selected component (if applicable):
xscreensaver-4.14-4
policy-1.9.2-10

How reproducible:
100%

Steps to Reproduce:
1. Just log in as a user_r user.
  
Actual results:
audit(1081103071.442:0): avc:  denied  { getattr } for  pid=2175
exe=/usr/X11R6/bin/xscreensaver path=/home/tim/.xscreensaver dev=hdb1
ino=706028 scontext=tim:user_r:user_screensaver_t
tcontext=system_u:object_r:user_home_t tclass=file

Also:
audit(1081092237.557:0): avc:  denied  { create } for  pid=2691
exe=/usr/X11R6/lib/xscreensaver/sonar
scontext=tim:user_r:user_screensaver_t
tcontext=tim:user_r:user_screensaver_t tclass=rawip_socket

Additional info:
audit2allow says:

allow user_screensaver_t user_home_t:file { getattr };
allow user_screensaver_t user_screensaver_t:rawip_socket { create };
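
How the audit2allow output above follows from the two denials, as an added example (not part of the bug report and not audit2allow's own code): each AVC record is parsed, the type is taken from the source and target contexts, and permissions are merged per (source type, target type, class). The function names are illustrative, and the wrapped log lines from the report are rejoined onto single lines.

```python
import re
from collections import defaultdict

# The two denials from the report, each rejoined onto one line.
SAMPLE_LOG = """\
audit(1081103071.442:0): avc:  denied  { getattr } for  pid=2175 exe=/usr/X11R6/bin/xscreensaver path=/home/tim/.xscreensaver dev=hdb1 ino=706028 scontext=tim:user_r:user_screensaver_t tcontext=system_u:object_r:user_home_t tclass=file
audit(1081092237.557:0): avc:  denied  { create } for  pid=2691 exe=/usr/X11R6/lib/xscreensaver/sonar scontext=tim:user_r:user_screensaver_t tcontext=tim:user_r:user_screensaver_t tclass=rawip_socket
"""

# Captures the denied permission set and the key=value tail of the record.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # incomplete record: no rule can be derived from it
    fields["perms"] = m.group(1).split()
    return fields

def context_type(context):
    """The type is the third field of a user:role:type security context."""
    return context.split(":")[2]

def allow_rules(log_text):
    """Merge denials by (source type, target type, class) into allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (context_type(rec["scontext"]),
                   context_type(rec["tcontext"]), rec["tclass"])
            merged[key].update(rec["perms"])
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(perms)))
            for (s, t, c), perms in sorted(merged.items())]

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```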

Comment 1 Bill Nottingham 2004-04-05 19:07:46 UTC
sonar wants to ping things for the display, which is why it wants a
raw IP socket.

xscreensaver *does* need to be able to read its config file in any case.

Comment 2 Tim Waugh 2004-04-05 22:56:14 UTC
policy-1.9.2-12 fixes access to config file for me.