Bug 1573640

Summary: SELinux is preventing lightdm from 'write' accesses on the directory 20.
Product: [Fedora] Fedora
Reporter: Grant Cohoe <cohoe.grant>
Component: lightdm
Assignee: Alternative GTK desktop environments <alt-gtk-de-sig>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 28
CC: alt-gtk-de-sig, christoph.wickert, dwalsh, lvrabec, mgrepl, plautrba, pmoore, rdieter
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:1981da642bcae927f23b695ca39d049efbe9580c204bdcefa92f5908f5f39c0d;
Fixed In Version:
Doc Type: If docs needed, set a value
Last Closed: 2018-05-02 15:45:57 UTC
Type: ---

Description Grant Cohoe 2018-05-01 20:28:19 UTC
Description of problem:
Fresh install of FC28 Xfce spin. Got error on first and subsequent boots after install from ISO. Ran dnf update to get fresh package set. Rebooted, issue still occurs. Notification is only shown on first login.
SELinux is preventing lightdm from 'write' accesses on the directory 20.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that lightdm should be allowed write access on the 20 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'lightdm' --raw | audit2allow -M my-lightdm
# semodule -X 300 -i my-lightdm.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:etc_runtime_t:s0
Target Objects                20 [ dir ]
Source                        lightdm
Source Path                   lightdm
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.1-21.fc28.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.16.5-300.fc28.x86_64 #1 SMP Fri
                              Apr 27 17:38:36 UTC 2018 x86_64 x86_64
Alert Count                   3
First Seen                    2018-05-01 16:12:11 EDT
Last Seen                     2018-05-01 16:22:40 EDT
Local ID                      c0f5d4c4-291c-4cc3-80b1-31e4daf29f55

Raw Audit Messages
type=AVC msg=audit(1525206160.75:204): avc:  denied  { write } for  pid=1157 comm="lightdm" name=20 dev="dm-0" ino=153667 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0


Hash: lightdm,xdm_t,etc_runtime_t,dir,write

Version-Release number of selected component:
selinux-policy-3.14.1-21.fc28.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.16.5-300.fc28.x86_64
type:           libreport

Comment 1 Lukas Vrabec 2018-05-02 11:19:13 UTC
Guys, 

Lightdm is trying to write to dir with name "20" somewhere in / . Do you know what's going on? 

After reply feel free to re-assign back to selinux-policy component. 

Thanks,
Lukas.

Comment 2 leigh scott 2018-05-02 11:42:17 UTC
(In reply to Lukas Vrabec from comment #1)
> Guys, 
> 
> Lightdm is trying to write to dir with name "20" somewhere in / . Do you
> know what's going on? 
> 

Pass.

Comment 3 leigh scott 2018-05-02 12:07:45 UTC
I have no selinux issue on the F28 cinnamon spin using lightdm/slick-greeter.
The Mate maintainer doesn't see the issue on the spin either.

Comment 4 Grant Cohoe 2018-05-02 15:45:57 UTC
I believe I have located a cause of my issue. When installing to disk from the live image, I inadvertently set my homedir to ' ' (which amazingly Anaconda lets me do). Each login then gives me the SELinux alert. When I fix my homedir location to something sane (or re-install with the same) the error goes away.

If anyone would like to look in further I'm happy to assist, but I'd call this User Error on my part.
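
The question raised in comment 1 (which directory named "20" the denial refers to) can be worked from the raw AVC record, which carries the inode number and device. The following is an added example, not part of the bug report or of any project's code: it parses the record quoted in the description and resolves an inode to a path on one filesystem. The function names are hypothetical, and it assumes the `root` passed to `find_inode` is the mount point of the device named in the record.

```python
import os
import re
from datetime import datetime, timezone

# Raw AVC record copied from the description in this report.
AVC = ('type=AVC msg=audit(1525206160.75:204): avc:  denied  { write } for  '
       'pid=1157 comm="lightdm" name=20 dev="dm-0" ino=153667 '
       'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0')

HEAD = re.compile(r'msg=audit\((\d+)\.(\d+):(\d+)\): avc:\s+(denied|granted)\s+\{([^}]*)\}')
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return decision, permissions, timestamp and key=value fields of one AVC record."""
    m = HEAD.search(line)
    if not m:
        raise ValueError('not an AVC record')
    secs, _frac, serial, decision, perms = m.groups()
    rec = {k: v.strip('"') for k, v in PAIR.findall(line[m.end():])}
    rec.update(decision=decision, perms=perms.split(), serial=int(serial),
               time=datetime.fromtimestamp(int(secs), tz=timezone.utc))
    for key in ('scontext', 'tcontext'):
        # user:role:type:level; the MLS level may itself contain colons
        rec[key] = dict(zip(('user', 'role', 'type', 'level'), rec[key].split(':', 3)))
    rec['pid'], rec['ino'] = int(rec['pid']), int(rec['ino'])
    return rec

def find_inode(root, ino):
    """Paths under root with inode ino, staying on root's filesystem (like find -xdev -inum)."""
    dev, hits = os.lstat(root).st_dev, []
    for top, dirs, files in os.walk(root):
        same_fs = []
        for name in dirs + files:
            path = os.path.join(top, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue              # entry vanished or is unreadable
            if st.st_dev != dev:
                continue              # other filesystem: inode numbers are not comparable
            if st.st_ino == ino:
                hits.append(path)
            same_fs.append(name)
        dirs[:] = [d for d in dirs if d in same_fs]   # do not descend into other mounts
    return hits

if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(rec['time'].isoformat(), rec['comm'], rec['perms'], rec['name'], rec['tcontext'])
```

On the affected host, `find_inode('/', rec['ino'])` would name the directory, provided the inode has not been reused since the denial was logged.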