Bug 437478
Summary: | SELinux is completely hosed in F 9 Alpha (or so it seems!) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Steve Murphy <murf> | ||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | rawhide | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-03-17 19:38:08 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Steve Murphy
2008-03-14 14:09:19 UTC
Created attachment 298050 [details]
From setroubleshoot browser
If you need the messages, let me know.
In normal system operation, I don't think I should have seen any of these. It's
all normal activity. I'd hope, anyway!
xulrunner is a known problem unrelated to SELinux. I forget how to fix it but you should be able to find it on the web. I think you need to remove it with nodeps and then install it. You also seem to be logging into root via XWindows which SELinux is going to complain about. I am fixing the nsplugin problems and gamin avc's. Running audit2allow on your setroubleshoot output produces #============= gamin_t ============== allow gamin_t NetworkManager_t:process ptrace; allow gamin_t auditd_t:process ptrace; allow gamin_t crond_t:process ptrace; allow gamin_t hald_t:process ptrace; allow gamin_t restorecond_t:process ptrace; allow gamin_t self:capability sys_ptrace; allow gamin_t sendmail_t:process ptrace; allow gamin_t sshd_t:process ptrace; allow gamin_t system_dbusd_t:process ptrace; >> I am dontauditing these. selinux-policy-3.3.1-19.fc9 #============= nsplugin_config_t ============== allow nsplugin_config_t inotifyfs_t:dir read; allow nsplugin_config_t unconfined_t:unix_dgram_socket { read write }; allow nsplugin_config_t unconfined_t:unix_stream_socket { read write }; >> I am fixing these. selinux-policy-3.3.1-19.fc9 #============= semanage_t ============== allow semanage_t user_home_t:file append; >> This is redirection of terminal to .xsession-errors, ignoring for now. can be ignored #============= sshd_t ============== allow sshd_t xdm_t:key link; >> This is a bug in the kerkel key code that is being fixes, can be ignored #============= syslogd_t ============== allow syslogd_t system_map_t:file read; >> Should be fixed in current policy. selinux-policy-3.3.1-18.fc9 #============= tmpreaper_t ============== allow tmpreaper_t var_lib_t:dir setattr; >> I have no idea what is causing this? WHy is tmpreaper looking in /var/lib, Seems like some tool is configured badly. #============= xdm_t ============== allow xdm_t admin_home_t:dir write; >> Caused by you logging in as root via XWindows, will not fix #============= xdm_xserver_t ============== allow xdm_xserver_t admin_home_t:file read; >> Caused by you logging in as root via XWindows, will not fix Fixed in selinux-policy-3.3.20.fc9 |