Bug 566178
| Summary: | SELinux is preventing the ck-get-x11-serv from using potentially mislabeled files (/root/.Xauthority). | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Gianpietro <gianpietro.carretta> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 12 | CC: | dwalsh, mcbroomrc, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:6673330c4b48911a3813911161b127cdf55d03b01a94e3d64b392a20e426a534 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-02-17 16:01:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 538428 *** |
Sommario: SELinux is preventing the ck-get-x11-serv from using potentially mislabeled files (/root/.Xauthority). Descrizione dettagliata: SELinux has denied ck-get-x11-serv access to potentially mislabeled file(s) (/root/.Xauthority). This means that SELinux will not allow ck-get-x11-serv to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Abilitazione accesso in corso: If you want ck-get-x11-serv to access this files, you need to relabel them using restorecon -v '/root/.Xauthority'. You might want to relabel the entire directory using restorecon -R -v '/root'. Informazioni aggiuntive: Contesto della sorgente system_u:system_r:consolekit_t:s0-s0:c0.c1023 Contesto target unconfined_u:object_r:admin_home_t:s0 Oggetti target /root/.Xauthority [ file ] Sorgente ck-get-x11-serv Percorso della sorgente /usr/libexec/ck-get-x11-server-pid Porta <Sconosciuto> Host (removed) Sorgente Pacchetti RPM ConsoleKit-x11-0.3.0-8.fc11 Pacchetti RPM target RPM della policy selinux-policy-3.6.12-62.fc11 Selinux abilitato True Tipo di policy targeted Modalità Enforcing Enforcing Nome plugin home_tmp_bad_labels Host Name (removed) Piattaforma Linux (removed) 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16 23:11:39 EDT 2009 i686 i686 Conteggio avvisi 3 Primo visto mer 22 lug 2009 01:05:58 CEST Ultimo visto mer 22 lug 2009 13:09:50 CEST ID locale d6a48e4d-fd37-4340-82ac-04a49292b794 Numeri di linea Messaggi Raw Audit node=(removed) type=AVC msg=audit(1248260990.888:54): avc: denied { read } for pid=5255 comm="ck-get-x11-serv" name=".Xauthority" dev=sda2 ino=2539534 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1248260990.888:54): arch=40000003 syscall=33 success=no exit=-13 a0=bf9aafbc a1=4 a2=a15a60 a3=bf9aafbc items=0 ppid=5254 pid=5255 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null) Hash String generated from home_tmp_bad_labels,ck-get-x11-serv,consolekit_t,admin_home_t,file,read audit2allow suggests: #============= consolekit_t ============== allow consolekit_t admin_home_t:file read;