Bug 500944

Summary: SELinux prevented kde4-config from writing .kde.
Product: [Fedora] Fedora Reporter: Ralf Corsepius <rc040203>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: benl, dwalsh, mgrepl, rdieter, than
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-05-15 12:52:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Output of sealert -l a4029e06-1fd4-4fc8-8da0-2fc9b1fdc6a9 none

Description Ralf Corsepius 2009-05-15 03:55:55 UTC 
Description of problem:
Upon each reboot an selinux alert similar to this is being issued:
...
May 15 05:37:25 columbo setroubleshoot: SELinux prevented kde4-config from writing .kde. For complete SELinux messages. run sealert -l a4029e06-1fd4-4fc8-8da0-2fc9b1fdc6a9
...


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.12-34.fc11.noarch
selinux-policy-3.6.12-34.fc11.noarch


How reproducible:
Always, on one machine. On a different machine, with a very similar set up, I am not observing this.

Steps to Reproduce:
1. reboot
2. check /var/log/messages
  
Actual results:
SEalert being risen.

Expected results:
No SEalert.

Additional info:
If I understand correctly, something is trying to run kde4-config during or shortly after bootup as root.

AFAICT, kde4-config wants to write to ~/.kde, i.e. to /root/.kde or even /.kde (In the past, some broken kde apps did so). May-be, selinux is preventing it from doing so, may-be kde4-config segfaults. I am not sure.
Comment 1 Ralf Corsepius 2009-05-15 03:57:56 UTC 
Created attachment 344072 [details]
Output of sealert -l a4029e06-1fd4-4fc8-8da0-2fc9b1fdc6a9
Comment 2 Ralf Corsepius 2009-05-15 04:04:32 UTC 
Likely a duplicate of 
https://bugzilla.redhat.com/show_bug.cgi?id=489093
Comment 3 Ralf Corsepius 2009-05-15 04:07:17 UTC 
Correction: My second FC11 test machine now also exposes this issue:

May 15 06:01:38 gunvald setroubleshoot: SELinux prevented kde4-config from writing .kde. For complete SELinux messages. run sealert -l 3f6e9b13-5223-43b6-babe-35a5af18da11
Comment 4 Ralf Corsepius 2009-05-15 05:52:19 UTC 
A bewildering observation:

My machines have /home and / on separate logical volumes.

On one of these, when moving /home down in fstab, this sealert goes away, on the other one, this doesn't help:

--- fstab.bak	2009-05-15 07:35:13.000000000 +0200
+++ fstab	2009-05-15 07:35:07.000000000 +0200
@@ -1,5 +1,4 @@
 /dev/VolGroup00/LogVol03 /                       ext3    defaults        1 1
-/dev/VolGroup00/LogVol02 /home                   ext3    defaults        1 1
 UUID=c40d2593-81fc-4f0b-8b81-e1d0bbeb4ceb /boot                   ext3    defaults        1 2
 tmpfs                   /dev/shm                tmpfs   defaults        0 0
 devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
@@ -7,3 +6,4 @@
 proc                    /proc                   proc    defaults        0 0
 /dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0
 /dev/VolGroup00/LogVol00 /opt/fedora/10          ext3    defaults,noauto 0 0
+/dev/VolGroup00/LogVol02 /home                   ext3    defaults        1 1
Comment 5 Ben Levenson 2009-05-15 12:26:47 UTC 
copying than

reproduced with the following RPMs:
selinux-policy-targeted-3.6.12-34.fc11.noarch
selinux-policy-3.6.12-34.fc11.noarch
kdelibs-4.2.2-12.fc11.x86_64
Comment 6 Rex Dieter 2009-05-15 12:52:33 UTC 
Yes, this is the same symptoms of the other bug, duping.

*** This bug has been marked as a duplicate of bug 489093 ***