Bug 512264
| Field | Value |
|---|---|
| Summary | SELinux blocks SLiM |
| Product | [Fedora] Fedora |
| Component | slim |
| Version | 11 |
| Status | CLOSED DUPLICATE |
| Severity | medium |
| Priority | low |
| Hardware | All |
| OS | Linux |
| Keywords | Reopened |
| Reporter | Christoph Wickert <christoph.wickert> |
| Assignee | Lorenzo Villani <lorenzo> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | afb, davidz, dcantrell, dwalsh, pertusus, schaeksh |
| Doc Type | Bug Fix |
| Last Closed | 2009-10-10 12:37:43 UTC |
| Bug Blocks | 505781 |

Description
Christoph Wickert
2009-07-16 21:44:50 UTC
Comment on attachment 354051
sealert error message
This is the alert for getattr, I have similar errors for open, read and unlink.

If you chcon -t xdm_var_run_t /var/run/slim\* Does everything work?

semanage -a -t xdm_var_run_t /var/run/slim.auth did the trick, slim.run already gets created xdm_var_run_t. Would be nice to have this in the policy, so I don't need a hack on the livecd.

Miroslav, can you add this labeling?

/var/run/slim\.auth -- gen_context(system_u:object_r:xdm_var_run_t,s0)

I will push out a new selinux-policy release with this change tomorrow.

Fixed in selinux-policy-3.6.12-70.fc11

Works fine, thanks!

Sorry, I was too fast. It's still not working. The strange thing is: It works fine when installed, but not from the livecd. Try yourself with the latest LXDE livecd from http://alt.fedoraproject.org/pub/alt/nightly-composes/lxde/ Let me know if I can help you testing, debugging or whatever.

Then this is a bug in the livecd program.

There's not anything the livecd creation can do about it -- the file is created at runtime by slim in /var/run. Since slim isn't explicitly trying to set any contexts before creating the file, it follows the directory default (var_run_t). The easiest way to fix this is probably to have slim move its files to be in a subdir of /var/run -- then the directory can be labeled as it's put down by rpm and then the new files within it will get the right context.

But if slim is running as xdm_t then it should have transitioned to the correct label when it created the file.

ls -lZ /usr/bin/slim

-rwxr-xr-x. root root system_u:object_r:xdm_exec_t:s0 /usr/bin/slim

And we have this line in policy

files_pid_filetrans(xdm_t, xdm_var_run_t, { dir file fifo_file sock_file })

Which says if a process running as xdm_t creates a dir, file, fifo_file or sock_file in var_run_t it will label it xdm_var_run_t. So something else is creating this file or the /usr/bin/slim is not labeled correctly.

/var/log/slim.log says /usr/bin/xauth creates the /var/run/slim.auth file.

The solution you suggested here: https://bugzilla.redhat.com/show_bug.cgi?id=518068 works.

Using #518068 to track this issue.

*** This bug has been marked as a duplicate of bug 518068 ***
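
The labeling behaviour discussed in this thread, as an added example that is not part of the original bug report or of the selinux-policy source: a small Python model of how the type of a newly created file is chosen, covering both the files_pid_filetrans rule and the subdirectory suggestion. The type_transition statement is the expanded form of the files_pid_filetrans call quoted in the thread; xauth_t is an assumed domain name for the process that runs /usr/bin/xauth (the thread does not state it), and the model covers only the type field, not allow rules.

```python
import re

# Expanded form of the policy line quoted in the thread:
#   files_pid_filetrans(xdm_t, xdm_var_run_t, { dir file fifo_file sock_file })
POLICY = """
type_transition xdm_t var_run_t : { dir file fifo_file sock_file } xdm_var_run_t;
"""

# type_transition <source domain> <parent type> : <class or { set }> <new type>;
RULE_RE = re.compile(
    r"type_transition\s+(\w+)\s+(\w+)\s*:\s*(\{[^}]*\}|\w+)\s+(\w+)\s*;"
)


def parse_transitions(policy_text):
    """Return {(source_domain, parent_type, object_class): new_type}."""
    rules = {}
    for src, parent, classes, new_type in RULE_RE.findall(policy_text):
        for cls in classes.strip("{} ").split():
            rules[(src, parent, cls)] = new_type
    return rules


def label_on_create(rules, domain, parent_type, obj_class="file"):
    """Type given to a new object when the creator sets no context itself:
    a matching type_transition rule wins, otherwise the type of the
    parent directory is inherited."""
    return rules.get((domain, parent_type, obj_class), parent_type)


def demo():
    rules = parse_transitions(POLICY)
    return {
        # slim itself, running as xdm_t, creates the file in /var/run
        "xdm_t creates file in var_run_t dir":
            label_on_create(rules, "xdm_t", "var_run_t"),
        # a helper in another domain (xauth_t is an assumed name) creates it
        "xauth_t creates file in var_run_t dir":
            label_on_create(rules, "xauth_t", "var_run_t"),
        # same helper, but the file lives in a subdirectory that was
        # installed with the xdm_var_run_t label
        "xauth_t creates file in xdm_var_run_t dir":
            label_on_create(rules, "xauth_t", "xdm_var_run_t"),
    }


if __name__ == "__main__":
    for case, new_type in demo().items():
        print(f"{new_type:15} <- {case}")
```

The transition rule is keyed on the creating domain, so it does not apply when a different program writes the file; a pre-labeled subdirectory gives the right type regardless of which domain creates the file.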