Bug 441261
Summary: | Upstart causes multiple AVCs | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | Anne <lists>
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh>
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa>
Severity: | low | Priority: | low
Version: | rawhide | CC: | dwalsh, jkubin
Hardware: | All | OS: | Linux
Doc Type: | Bug Fix | Last Closed: | 2008-04-17 12:19:56 UTC

Description
Anne
2008-04-07 13:33:41 UTC
Created attachment 301517
Complete audit log.

I think most of these are fixed in selinux-policy-3.3.1-29.fc9. Please update and report if you are seeing any?

Far fewer. Those remaining are:

SELinux is preventing 05-netfs (NetworkManager_t) "getattr" to /var/lock/subsys/netfs (var_lock_t).
SELinux is preventing kdm_greet (xdm_t) "write" to ./Oxygen.colors (usr_t).
SELinux is preventing kdm_greet (xdm_t) "write" to ./kde.desktop (usr_t).
SELinux is preventing kdm_greet (xdm_t) "write" to ./entry.desktop (locale_t).
SELinux is preventing the lnusertemp from using potentially mislabeled files (cache-david.lydgate.lan).
SELinux is preventing the lnusertemp from using potentially mislabeled files (/root/.kde/cache-david.lydgate.lan).
SELinux is preventing kdm_greet (xdm_t) "write" to ./kde.desktop (usr_t).
SELinux is preventing the lnusertemp from using potentially mislabeled files (tmp-david.lydgate.lan).
SELinux is preventing the lnusertemp from using potentially mislabeled files (/root/.kde/tmp-david.lydgate.lan).

Incidentally, the postfix one seems to have disappeared. I'll report that to bug #441130.

restorecon -R -v /etc/NetworkManager

Should clean up var_lock. What directory is all of this kde.desktop stuff in? Are these in /usr/share/xsessions/kde.desktop? Does kdm really need to write these files? Also, are you logging in as root?

Sorry this has not been answered. For some reason I'm not getting any bug notifications at all. The multiple AVCs disappeared a few days ago, I'd guess about the 11th or 12th. I no longer have the AVC reports, but IIRC many referred to /tmp/ksocket-anne and /tmp/orbit-anne. I believe write access is necessary. I never log in as root, though I do use a root konsole fairly often.

Well, I have no idea what caused these then. Seems something wanted to write to /root/.kde/tmp-david.lydgate.lan, which is why I thought you were logging in as root. The apps requesting access to write to /usr also seem weird, unless this is some kind of python optimization code.

Since they are no longer happening I'd be inclined to close this bug. I'll report any specific ones that occur later.