Bug 157315
Summary: | Userhelper - xauth denials | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ivan Gyurdiev <ivg231> | ||||
Component: | selinux-policy-strict | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | rawhide | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-05-28 02:31:13 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Ivan Gyurdiev
2005-05-10 16:10:49 UTC
Do the apps still work? Dan No - none of them work, which makes this bug quite important... Created attachment 114312 [details]
Does this fix the problem?
It does not - it gets rid of the denials, but it still doesn't work. Switching to permissive mode makes the apps work. I guess some dontaudit rules cover up bugs - there's nothing in the log. By the way, is this safe? Should $1_xauth_t be able to read/write root xauth files? This dontaudit hides the bug: # for some PAM modules and for cwd #dontaudit $1_userhelper_t { home_root_t home_type }:dir search; This makes it work: allow $1_userhelper_t home_root_t:dir search; allow $1_userhelper_t $1_home_dir_t:dir search; (probably because it wants to search for xauth files... there is a section later that lets it read $1_xauth_home_t) Ok added to 1.23.16-4 |