Bug 1261235
| Summary: | SELinux is preventing sddm-helper from 'write' accesses on the file .Xauthority. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Richard Jasmin <spike85051> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 22 | CC: | dominick.grift, dwalsh, lorenzo.buzzi, lvrabec, mgrepl, plautrba, spike85051 |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:c06bb66b71e1c23b7dd8288b3742f124f5ae59cb4a9fe53b5bf6f9d2ebab2190 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-12-17 17:20:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Are you able to reproduce it after $ restorecon ~/.Xauth* $ restorecon -F -v ~/.Xauthority resets the context to unconfined_u:object_r:xauth_home_t But at next login the context is again unconfined_u:object_r:home_root_t and sddm-helper is prevented from writing it. (In reply to Lorenzo Buzzi from comment #2) > $ restorecon -F -v ~/.Xauthority > resets the context to unconfined_u:object_r:xauth_home_t > > But at next login the context is again unconfined_u:object_r:home_root_t and > sddm-helper is prevented from writing it. Can you show us what labels are for $ ls -Z /home system_u:object_r:lost_found_t:s0 lost+found unconfined_u:object_r:user_home_dir_t:s0 me Ok it is correct. Do you still have the same issue? not anymore. seems some files may have been out of whack. I ported as it were from debian based systems a while back.Linux is wonderful in that regards but Debian based setups DO NOT have SELinux working by default. AND MIND YOU, THEY SHOULD. Getting it to work is like pulling teeth. DoD and letter agencies dont develop software to make themselves look pretty.They do it to solve a problem.So maybe people should USE it if they open source something..... |
Description of problem: I logged in. SELinux is preventing sddm-helper from 'write' accesses on the file .Xauthority. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sddm-helper should be allowed write access on the .Xauthority file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sddm-helper /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects .Xauthority [ file ] Source sddm-helper Source Path sddm-helper Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.12.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.1.6-200.fc22.x86_64 #1 SMP Mon Aug 17 19:54:31 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-09-08 20:24:51 CDT Last Seen 2015-09-08 20:24:51 CDT Local ID f2c0e2f8-332d-4aaa-bb71-e98c5a77af69 Raw Audit Messages type=AVC msg=audit(1441761891.214:544): avc: denied { write } for pid=1587 comm="sddm-helper" name=".Xauthority" dev="dm-3" ino=4456483 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0 Hash: sddm-helper,xdm_t,user_home_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-128.12.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-200.fc22.x86_64 type: libreport Potential duplicate: bug 1176052