Bug 457049
Summary: | SELinux is preventing the semodule from using potentially mislabeled ~/.xsession-errors | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Charlie Brady <charlieb-fedora-bugzilla> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 9 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Type: | Bug Fix | Last Closed: | 2008-11-17 22:05:19 UTC |
Description
Charlie Brady
2008-07-29 13:34:39 UTC
```
[charlieb@localhost ~]$ ls --lcontext .xsession-errors
-rw------- 1 unconfined_u:object_r:unconfined_home_t:s0 charlieb charlieb 2805 2008-07-29 09:28 .xsession-errors
[charlieb@localhost ~]$
[charlieb@localhost ~]$ sudo /sbin/restorecon -v '/home/charlieb/.xsession-errors'
[charlieb@localhost ~]$ ls --lcontext .xsession-errors
-rw------- 1 unconfined_u:object_r:unconfined_home_t:s0 charlieb charlieb 2805 2008-07-29 09:28 .xsession-errors
[charlieb@localhost ~]$
```

You can safely ignore this avc, this is a simple redirection of stdout to the file and SELinux will not allow semanage to write to the file.

You probably read packagekit or system-config tool to generate this avc.

(In reply to comment #2)
> You can safely ignore this avc, this is a simple redirection of stdout to the
> file and SELinux will not allow semanage to write to the file.

But what if my system was in enforcing mode? If semanage needs to run, then we need to deal with this issue.

> You probably read packagekit or system-config tool to generate this avc.

Sorry, I don't understand the comment. How would I "read packagekit" or "read system-config tool"? I ran "System->Administration->SELinux Management", which I presume is "semanage".

If this was in enforcing mode SELinux would have closed the open file descriptor and replaced it with an open file descriptor to /dev/null. system-config-selinux(semanage) would have completed successfully.

If you run a configuration tool from the taskbar, you can generate these AVCs. packagekit, SELinux Management, Service Manager etc. can all cause these.

Dontaudited in selinux-policy-3.3.1-81.fc9.src.rpm

Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.
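
Added example (not part of the original bug report or of selinux-policy): a triage sketch that separates AVC denials on an inherited descriptor, like the stdout redirection to ~/.xsession-errors described in the thread, from denials where the process opened the file itself. The log lines are constructed, and the semanage_t source domain and the "path= present, no open permission" heuristic are assumptions.

```python
import re

# Constructed audit.log lines (not from the bug report). The first models the
# denial discussed in the thread: semodule, started from a desktop session,
# inherits stdout/stderr pointing at ~/.xsession-errors. The second is an
# ordinary denial that includes "open", so the process opened the file itself.
SAMPLE_LOG = """\
type=AVC msg=audit(1217338119.100:42): avc:  denied  { write } for  pid=3101 comm="semodule" path="/home/charlieb/.xsession-errors" dev=dm-0 ino=81234 scontext=unconfined_u:system_r:semanage_t:s0 tcontext=unconfined_u:object_r:unconfined_home_t:s0 tclass=file
type=AVC msg=audit(1217338120.200:43): avc:  denied  { read open } for  pid=3150 comm="httpd" name="index.html" dev=dm-0 ino=90021 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:unconfined_home_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Permissions a process can exercise on a descriptor it was handed without
# opening the file itself (assumption; needs a kernel that logs "open").
FD_USE_PERMS = {"read", "write", "append", "getattr", "ioctl", "lock"}
FD_CLASSES = {"file", "fifo_file", "chr_file"}

def parse_avc(line):
    """Return the key=value fields and permission set of one AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
    rec["perms"] = set(m.group("perms").split())
    return rec

def looks_inherited(rec):
    """Heuristic: full path= logged and only descriptor-use permissions denied."""
    return (rec.get("tclass") in FD_CLASSES
            and "path" in rec
            and bool(rec["perms"])
            and rec["perms"] <= FD_USE_PERMS)

def triage(log_text):
    out = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            kind = "inherited-fd" if looks_inherited(rec) else "other"
            out.append((rec["comm"], rec.get("path") or rec.get("name"), kind))
    return out

if __name__ == "__main__":
    for comm, target, kind in triage(SAMPLE_LOG):
        print(f"{kind:13} {comm:10} {target}")
```

Records classed as inherited-fd are the candidates for a dontaudit rule or for fixing the launcher that leaks the descriptor; the rest need normal policy review.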