Bug 375071
| Summary: | SELinux is preventing /usr/bin/kdm_greet (xdm_t) "create" to (var_lib_t). | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Konstantin Svist <fry.kun> |
| Component: | kdebase | Assignee: | Than Ngo <than> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 8 | CC: | rdieter, tuju |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-01-09 05:08:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Confirm.
Additional Information
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:var_lib_t:s0
Target Objects None [ dir ]
Affected RPM Packages kdebase-3.5.8-9.fc8 [application]
Policy RPM selinux-policy-3.0.8-64.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name xxxxxxxxx
Platform Linux xxxxxxxxxxxx 2.6.23.8-63.fc8 #1 SMP Wed
Nov 21 17:56:40 EST 2007 x86_64 x86_64
Alert Count 2
First Seen Thu 20 Dec 2007 12:53:10 PM EET
Last Seen Thu 20 Dec 2007 12:54:04 PM EET
Local ID 7dd08b51-adb3-4710-bcc7-1a514396f6b5
Line Numbers
Raw Audit Messages
avc: denied { create } for comm=kdm_greet egid=0 euid=0 exe=/usr/bin/kdm_greet
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=kdm pid=9849
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=0 tclass=dir
tcontext=system_u:object_r:var_lib_t:s0 tty=(none) uid=0
This message is a reminder that Fedora 8 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 8. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '8'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 8's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 8 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Fedora 8 changed to end-of-life (EOL) status on 2009-01-07. Fedora 8 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed. |
Description of problem: The following message comes up in setroubleshoot: """ Summary SELinux is preventing /usr/bin/kdm_greet (xdm_t) "create" to <Unknown> (var_lib_t). Detailed Description SELinux denied access requested by /usr/bin/kdm_greet. It is not expected that this access is required by /usr/bin/kdm_greet and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>, restorecon -v <Unknown> If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_lib_t:s0 Target Objects None [ dir ] Affected RPM Packages kdebase-3.5.8-5.fc8 [application] Policy RPM selinux-policy-3.0.8-44.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name mireille Platform Linux mireille 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:55:12 EDT 2007 i686 i686 Alert Count 1 First Seen Sat 10 Nov 2007 03:47:17 AM PST Last Seen Sat 10 Nov 2007 03:47:17 AM PST Local ID 7db57472-0b33-410b-9541-d678f96f1138 Line Numbers Raw Audit Messages avc: denied { create } for comm=kdm_greet egid=0 euid=0 exe=/usr/bin/kdm_greet exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=kdm pid=5369 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:var_lib_t:s0 tty=(none) uid=0 """ Version info: kdebase-3.5.8-5.fc8 selinux-policy-3.0.8-44.fc8