Bug 462994
| Summary: | KDM tries to access /boot which is denied by SElinux policy | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Benjamin Lewis <ben.lewis> | ||||
| Component: | kdebase-workspace | Assignee: | Than Ngo <than> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 9 | CC: | fedora, keller1976, kevin, ltinkl, rdieter | ||||
| Target Milestone: | --- | Keywords: | SELinux | ||||
| Target Release: | --- | ||||||
| Hardware: | i386 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-09-20 17:26:51 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Did you modify /etc/kde/kdm/kdmrc at all? I see AVC messages too, but only when/if I modify the Bootloader options (and the selinux folks vetoed my request to allow that). Yeah, I set BootManager=Grub , that seems to be the problem. If the selinux side can't be fixed, can we just patch that feature out or somthing, as I'm assuming that whatever feature that enables won't work as it is? The feature is disabled by default for a reason. If you want it to work, you can either disable SELinux (I'd recommend doing that anyway, but I'm known all around here as the "SELinux hater" ;-) ) or add a custom policy to allow this (see audit2allow, and Dan Walsh's blog where several ways to customize SELinux are described, I can't help you much with it as I don't use it). Closing as WONTFIX, as we KDE folks can't fix it and the SELinux folks don't want to allow this in the default policy. Ok, thanks for helping (audit2allow was my first port of call as it happens, I just wanted to be sure it wasn't something generally fixable) *** Bug 504125 has been marked as a duplicate of this bug. *** |
Created attachment 317277 [details] AVC messages Description of problem: When the shutdown menu is selected in KDE an AVC message and SElinux denial is logged for KDM (attached) Version-Release number of selected component (if applicable): kdebase-workspace-4.1.0-8.fc9.i386 How reproducible: Every time shutdown menu is opened Steps to Reproduce: 1. Run setroubleshoot or tail -f /var/log/audit/audit.log 2. Open shutdown menu (Any of the options on "Leave" works) 3. Watch AVC message appear in log Actual results: SElinux denies access and an AVC message is logged Expected results: No AVC message and access is allowed - or equally, kdm stops trying to access /boot Additional info: I don't think this impacts usability in any way so I class it more of an annoyance