Bug 429888

Summary: SELinux is preventing gconfd-2(/usr/libexec/gconfd-2) (xdm_t) "create" to <Unknown> (var_lib_t)
Product: [Fedora] Fedora
Reporter: Zack Cerza <zcerza>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG
QA Contact: Ben Levenson <benl>
Severity: low
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Last Closed: 2008-01-24 21:06:41 UTC

Description Zack Cerza 2008-01-23 16:46:00 UTC
Description of problem:
This one is even more mysterious than usual to me...

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.2.5-15.fc9
GConf2-2.21.2-1.fc9

Additional info:
host=tak type=AVC msg=audit(1201104228.173:206): avc: denied { create } for
pid=2969 comm="gconfd-2" name="apps"
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir 

host=tak type=SYSCALL msg=audit(1201104228.173:206): arch=40000003 syscall=39
success=yes exit=0 a0=954aa20 a1=1c0 a2=44ba44 a3=9557e30 items=0 ppid=1
pid=2969 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42
fsgid=42 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Comment 1 Daniel Walsh 2008-01-23 20:27:08 UTC
Do you know what directory it is creating?

/var/lib/apps?


Comment 2 Zack Cerza 2008-01-23 21:06:48 UTC
I'd guess, since that's what the message seems to say. But I've been running in
permissive mode since I hit some more serious problems which I've reported, and
I have no /var/lib/apps.

Comment 3 Daniel Walsh 2008-01-24 19:21:02 UTC
restorecon -R -v /var/lib/gdm



Comment 4 Zack Cerza 2008-01-24 20:11:18 UTC
I did do an autorelabel, and I haven't seen the message since. But is there a
way to avoid this breakage on other F8->F9 upgrades?

Comment 5 Daniel Walsh 2008-01-24 21:06:41 UTC
I am hoping that F8-f9 will cause a relabel of this directory.
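
Added example (not part of the original report, and not code from the SELinux project): a Python sketch that pairs the AVC and SYSCALL records from the description by their shared audit event id and decodes what the denial was about. The records are abridged copies of the ones above; the syscall table entry (39 is mkdir on i386, arch 40000003) and the reading of auid 4294967295 as "unset" are supplied here, not taken from the thread.

```python
import re

# The two records from the description, unwrapped to one line each and abridged.
REPORT = (
    'host=tak type=AVC msg=audit(1201104228.173:206): avc: denied { create } for '
    'pid=2969 comm="gconfd-2" name="apps" '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:var_lib_t:s0 tclass=dir\n'
    'host=tak type=SYSCALL msg=audit(1201104228.173:206): arch=40000003 syscall=39 '
    'success=yes exit=0 a0=954aa20 a1=1c0 a2=44ba44 a3=9557e30 items=0 ppid=1 '
    'pid=2969 auid=4294967295 uid=42 gid=42 comm="gconfd-2" '
    'exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023\n'
)
# Assumption added here: arch 40000003 is AUDIT_ARCH_I386, where syscall 39 is mkdir.
I386_SYSCALLS = {39: "mkdir"}
AUID_UNSET = 4294967295  # (uint32)-1: process has no login session
EVENT_RE = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r"\{([^}]*)\}")

def parse_events(text):
    """Group audit records by event id (timestamp:serial), then by record type."""
    events = {}
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        if m.group(1) == "AVC":
            p = PERMS_RE.search(line)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(m.group(2), {})[m.group(1)] = fields
    return events

def summarize(event):
    """Combine the AVC record with its SYSCALL record into one readable summary."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    i386 = sc.get("arch") == "40000003"
    name = I386_SYSCALLS.get(int(sc.get("syscall", -1))) if i386 else None
    return {
        "perms": avc["perms"],
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "name": avc.get("name"),
        "syscall": name,
        "mode": oct(int(sc["a1"], 16)) if name == "mkdir" else None,  # a1 = mkdir mode
        "allowed_anyway": sc.get("success") == "yes",  # denial logged, call succeeded
        "no_login_session": int(sc.get("auid", 0)) == AUID_UNSET,
    }
```

The summary shows a mkdir of a directory named "apps" with mode 0700 by a process in xdm_t, targeting the generic var_lib_t type, and `allowed_anyway` is true because the syscall succeeded despite the logged denial, consistent with the permissive mode mentioned in comment 2.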