Bug 440540

Summary: SELinux vs xdm_t - deathmatch!
Product: [Fedora] Fedora Reporter: Linus Torvalds <torvalds>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: jkubin
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-04 21:03:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Linus Torvalds 2008-04-03 21:41:42 UTC 
Description of problem:

When ssh'ing into a machine where I have also a desktop session going, SELinux
gives really annoying warning messages on the console (and wakes up the screen
saver).

I get some annoying popup about "SELinux: AVC denial, click to view".

setroubleshoot says:
  "SELinux is preventing sshd (sshd_t) "link" to <Unknown> (xdm_t)"
and
  "SELinux is preventing sshd (sshd_t) "search" to <Unknown> (xdm_t)"

Version-Release number of selected component (if applicable):

openssh-*          4.7p1-9.fc9
selinux-policy-*   3.3.1-26.fc9

How reproducible:

100%. Pretty bog-standard Fedora9 install.

Steps to Reproduce:
1. Log in on console
2. Log in remotely using ssh.
3. Irritation
  
Actual results:

Stupid and irritating warning, and screensaver stops.

Expected results:

No idiotic warnings, pretty swirling screensaver goes on.

Additional info:

Yeah, I realize I can just disable selinux, and I guess I will, but with these
kinds of issues I cannot imagine that anybody actually ever keeps it enabled in
the first place.
Comment 1 Daniel Walsh 2008-04-04 20:58:05 UTC 
This is a bug in the kernel where keyrings are being created on every setuid
call,  These are then labeled incorrectly and cause SELinux to put out the
message,  now we can either cover up the bug or leave the errors being reported
until they are cleaned up.
Comment 2 Daniel Walsh 2008-04-04 21:03:35 UTC 

*** This bug has been marked as a duplicate of 431535 ***