Summary:
SELinux is preventing /usr/libexec/gdm-session-worker "read write" access on
/root.
Detailed Description:
SELinux denied access requested by gdm-session-wor. It is not expected that this
access is required by gdm-session-wor and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.
Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:admin_home_t:s0
Target Objects /root [ dir ]
Source gdm-session-wor
Source Path /usr/libexec/gdm-session-worker
Port <Unknown>
Host (removed)
Source RPM Packages gdm-2.28.1-22.fc12
Target RPM Packages filesystem-2.4.30-2.fc12
Policy RPM selinux-policy-3.6.32-41.fc12
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name (removed)
Platform Linux (removed) 2.6.31.5-122.fc12.x86_64 #1 SMP
Thu Nov 5 01:37:34 EST 2009 x86_64 x86_64
Alert Count 2
First Seen Wed 04 Nov 2009 08:10:34 PM EST
Last Seen Fri 06 Nov 2009 10:58:39 PM EST
Local ID 24519545-1261-40a7-af72-ee09f1b4972d
Line Numbers
Raw Audit Messages
node=(removed) type=AVC msg=audit(1257566319.515:30966): avc: denied { read write } for pid=3877 comm="gdm-session-wor" name="root" dev=dm-0 ino=81921 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
node=(removed) type=SYSCALL msg=audit(1257566319.515:30966): arch=c000003e syscall=21 success=no exit=-13 a0=c66a80 a1=7 a2=20 a3=7fff6d685e80 items=0 ppid=3858 pid=3877 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
Hash String generated from selinux-policy-3.6.32-41.fc12,catchall,gdm-session-wor,xdm_t,admin_home_t,dir,read,write
audit2allow suggests:
#============= xdm_t ==============
allow xdm_t admin_home_t:dir { read write };