Bug 528790
Summary: | SELinux is preventing /usr/libexec/gdm-session-worker "getattr" access on /tmp/.X11-unix/X0. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Christian Kujau <redhat> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dwalsh, mgrepl, redhat |
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:201f873b5ebd7607aa55f51ee33f792cefa16ce1f570026bc94d7a4cec6f6ce4 | ||
Doc Type: | Bug Fix | ||
Last Closed: | 2009-10-15 19:36:40 UTC | ||
Description
Christian Kujau
2009-10-13 18:13:08 UTC
I'm using tmpfs for /tmp (I don't have a spare partition I could encrypt, but I don't want tmp files on my disk either) and I think this is causing this "error".

* /etc/fstab

    tmpfs /tmp tmpfs nosuid 0 0

* /proc/mounts

    tmpfs /tmp tmpfs rw,rootcontext=system_u:object_r:tmp_t:s0,seclabel,nosuid,relatime 0 0

You seem to have a badly mislabeled system.

    touch /.autorelabel; reboot

Should clean it up. Reopen if this bug persists.

Hi Daniel, care to elaborate a bit on the "mislabeling process"? This is a freshly installed system, not much has been configured yet (apart from /tmp being mounted as tmpfs), I wonder what caused the system to be "mislabeled". I'll try your workaround as soon as I get access to the system again. Thanks!

Actually, what is the label on /tmp?

    ls -LZ /tmp

It should be tmp_t and not root_t.

    restorecon -R -v /tmp

Should fix.

Hm, the error message does not occur any more (it did occur as a notification window for the first few logins to Gnome), but from the /proc/mounts entry above I see:

    tmpfs /tmp tmpfs rw,rootcontext=system_u:object_r:tmp_t:s0,seclabel,nosuid,relatime 0 0

Now I see:

----------------------------------------------------------
# ls -LZ /tmp
drwx------. christian christian unconfined_u:object_r:user_tmp_t:s0 keyring-6XBMYu
drwx------. christian christian unconfined_u:object_r:user_tmp_t:s0 orbit-christian
drwx------. gdm gdm system_u:object_r:xdm_tmp_t:s0 orbit-gdm
drwx------. christian christian unconfined_u:object_r:user_tmp_t:s0 pulse-8h57TbygR0Pe
drwx------. gdm gdm system_u:object_r:xdm_tmp_t:s0 pulse-PKdhtXMmr18n
drwx------. christian christian unconfined_u:object_r:user_tmp_t:s0 virtual-christian.Zo5wWn
# ls -LZd /tmp
drwxrwxrwt. root root system_u:object_r:tmp_t:s0 /tmp
# grep /tmp /proc/mounts
tmpfs /tmp tmpfs rw,rootcontext=system_u:object_r:tmp_t:s0,seclabel,nosuid,relatime 0 0
----------------------------------------------------------

Since the error is gone, I do not feel the need to relabel anything. I was just reporting this thingy, because SELinux told me to. Maybe this can be documented as a "known issue when /tmp is a tmpfs". Or maybe not, because it's a far too exotic configuration (is it?).

Thanks, Christian.

I have no idea why it happened at all. I always use /tmp as a tmpfs and have not seen the problem.
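
Added example (not part of the original bug report): a POSIX shell check that pulls the SELinux type out of the rootcontext= option of the /tmp mount, in the /proc/mounts format quoted above, and compares it with the tmp_t type the thread expects. The function names and the root_t sample line are constructed for illustration.

```shell
#!/bin/sh
# Sample /proc/mounts lines: the first is the one quoted in this report,
# the second is constructed to show the root_t mislabel case from the thread.
SAMPLE_OK='tmpfs /tmp tmpfs rw,rootcontext=system_u:object_r:tmp_t:s0,seclabel,nosuid,relatime 0 0'
SAMPLE_BAD='tmpfs /tmp tmpfs rw,rootcontext=system_u:object_r:root_t:s0,seclabel,nosuid,relatime 0 0'

# mount_root_type MOUNTPOINT
# Reads /proc/mounts-format lines on stdin and prints the SELinux type from
# the rootcontext= option of MOUNTPOINT. Prints "none" if the mount has no
# rootcontext= option and "unmounted" if no line matches. If the mount point
# appears more than once, the last (topmost) mount wins.
mount_root_type() {
    awk -v mp="$1" '
        $2 == mp {
            found = 1; t = "none"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^rootcontext=/) {
                    sub(/^rootcontext=/, "", opts[i])
                    gsub(/"/, "", opts[i])       # contexts may be quoted
                    split(opts[i], ctx, ":")     # user:role:type:level
                    t = ctx[3]
                }
        }
        END { print (found ? t : "unmounted") }'
}

# check_tmp_label
# Reads mounts on stdin. Returns 0 if /tmp is rooted at tmp_t, 1 if it
# carries another type, 2 if the type cannot be determined.
check_tmp_label() {
    _got=$(mount_root_type /tmp)
    case "$_got" in
        tmp_t)          echo "OK: /tmp rootcontext type is tmp_t"; return 0 ;;
        none|unmounted) echo "UNKNOWN: /tmp rootcontext is $_got"; return 2 ;;
        *)              echo "MISLABELED: /tmp rootcontext type is $_got, expected tmp_t"
                        return 1 ;;
    esac
}

# Demo on the sample lines; on a live system use: check_tmp_label < /proc/mounts
printf '%s\n' "$SAMPLE_OK"  | check_tmp_label || true
printf '%s\n' "$SAMPLE_BAD" | check_tmp_label || true
```

The mount option only sets the label of the tmpfs root at mount time, so `ls -LZd /tmp` as used in the thread remains the check for the label currently in effect.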