Bug 524087
Summary: | setroubleshoot: SELinux is preventing /usr/libexec/ck-get-x11-server-pid "read" access on .Xauthority. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alexey Torkhov <atorkhov> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | dwalsh, jkubin, martin.nad89, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:5b6c5df04050886e9b177076c50b04a2e98ca1b1904f4bc8e646383f8e775310 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-10-20 22:35:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Alexey Torkhov
2009-09-17 20:04:10 UTC
Apparently, setroubleshoot didn't generate proper message. Here is audit message: Happens in gnome session for root user. node=rawhide.tortilla.ru type=AVC msg=audit(1253217723.568:26): avc: denied { read } for pid=1789 comm="ck-get-x11-serv" name=".Xauthority" dev=vda1 ino=107186 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file node=rawhide.tortilla.ru type=SYSCALL msg=audit(1253217723.568:26): arch=40000003 syscall=33 success=no exit=-13 a0=bfa51fbc a1=4 a2=584bb8 a3=bfa51fbc items=0 ppid=1788 pid=1789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null) Did you login in as root via X Windows? Nope, gdm seems doesn’t allow this. I called startx from console. When logged in as root? SELinux does not support that so I have to close these bugs as WONTFIX. *** Bug 529264 has been marked as a duplicate of this bug. *** restorecon -R -v /root should fix.Not sure how it got mislabled. If you are logging in as root or running a session as root, that is not supported within SELinux. |