Bug 141079

Summary: Annoying messages for kde app launch under SELinux
Product: [Fedora] Fedora Reporter: Randy Heineke <heineke>
Component: selinux-policy-strictAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: 3CC: sundaram
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: 1.19.14-5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-05 07:16:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Randy Heineke 2004-11-29 03:37:47 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
Launching a kde application on the gnome desktop with strict SELinux
policy generates an annoying messages complaining about DCOPserver not
running that must be clicked before application launches.
/var/log/messages clues:
Nov 28 17:36:51 localhost kernel: audit(1101685011.366:0): avc: 
denied  { getattr } for  pid=3395 exe=/usr/bin/kpat path=/usr/bin
dev=hda8 ino=12583051 scontext=user_u:user_r:user_games_t
tcontext=system_u:object_r:bin_t tclass=dir
Nov 28 17:36:51 localhost kernel: audit(1101685011.367:0): avc: 
denied  { getattr } for  pid=3395 exe=/usr/bin/kpat path=/usr/bin
dev=hda8 ino=12583051 scontext=user_u:user_r:user_games_t
tcontext=system_u:object_r:bin_t tclass=dir
Nov 28 17:36:52 localhost kernel: audit(1101685012.370:0): avc: 
denied  { getattr } for  pid=3400 exe=/usr/bin/kdeinit
path=/tmp/.ICE-unix dev=hda9 ino=131200
scontext=user_u:user_r:user_games_t
tcontext=system_u:object_r:xdm_xserver_tmp_t tclass=dir

I can issue the dcopserver command on the CLI.  When the dcopserver is
running the annoying popup messages windows stop popping up.




Version-Release number of selected component (if applicable):
selinux-policy-strict-1.17.30-2

How reproducible:
Always

Steps to Reproduce:
1.In gnome desktop select games>patience from the launcher
2.
3.
    

Actual Results:  A DCOP communications error (Patience) window pops
up. It has a redcircle witha a white x icon and the following text:
There was an error setting up inter-process communications for KDE.
The message returned by the system was:
Could not read network connection list.
/home/foouser/.DCOPserver_dhcppc1_0

Please check that the "dcopserver" program is running!


Expected Results:  The game whould launch.

Additional info:

The problem was found in testing of my first installation of SELinux
on a system that was newly updated from FC2 to FC3.  I call it a minor
a Low severity, however I have not idea if there is the first
indication of a more serious or pervasive problem.  It could also be
that I have some old/external package with messed up dependencies on
my system.
Comment 1 Daniel Walsh 2004-11-30 16:57:20 UTC 
Fixed in policy-1.19.7-1, 

Please use the strict policy from rawhide for FC3, the strict policy
has not been maintained in updates as this is experimental.

I will try to update it.
Comment 2 Randy Heineke 2004-12-09 03:02:17 UTC 
The problem occurs with selinux-policy-strict-1.19.10-2.  Is this
advice to revert to an older version found in rawhide?
Comment 3 Daniel Walsh 2004-12-09 14:57:45 UTC 
You shouldn't be seeing these in 1.19.10.  But I would grab the one in
Rawhide.

Dan
Comment 4 Randy Heineke 2005-01-09 19:54:29 UTC 
The problem has gone away now that I a using 
selinux-policy-targeted-1.19.14-5