Bug 595355
| Summary: | SELinux is preventing /usr/libexec/gnome-settings-daemon "getattr" access on /media/borntoshare/pics/backgrounds/nebula-1920x1080.jpg. | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bernhard Schuster <redhat.bugzilla> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | | |
| Version: | 13 | CC: | dwalsh, mgrepl |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | setroubleshoot_trace_hash:cd4fde285192191d877fdbaa58e072ea17b96a3f2092df3c48229b3db082d214 | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2010-05-24 21:15:59 UTC | Type: | --- |
Description
Bernhard Schuster
2010-05-24 12:51:04 UTC
gdm does not show the picture as supposed (I made the nebula-1920x1080 the default background), but after logging in it gets shown.

This looks like a temporary device? How are you mounting this borntoshare directory? You can use a context="system_u:object_r:etc_t:s0" mount flag to tell the system to treat this file system as an etc_t directory. Then gdm could read it.

I mount it by default via /etc/fstab and it is an internal hard disk with more or less private data:

/dev/mapper/luks-6f7a80f0-33ae-4538-bba1-ed82ca9a56f9 /media/borntoshare ext4 defaults 1 2

OK, so in the end this is expected behavior, or at most a quirky "Appearance Preferences" dialog not enabling system access for SELinux to the default wallpaper.

Another option would be to execute the following:

# semanage fcontext -a -t usr_t '/media/borntoshare/pics(/.*)?'
# restorecon -R -v /media/borntoshare/pics

This will put a label of usr_t (same as /usr) on the pictures and then gdm will be allowed to read them.

And this is expected behaviour. We do not want to allow a program like gdm to be able to read any files on your system. So files under /media by default are not readable.
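
The trailing `(/.*)?` in a file-context spec is what lets one rule cover both the directory and everything beneath it, while a look-alike such as `(/.*?)` misses the directory itself. The sketch below is an added example, not part of the bug thread: it assumes the spec is matched against the whole path (anchored at both ends, modelled here with `re.fullmatch`) and uses constructed sample paths.

```python
import re

# Only the pics directory name comes from the thread; the other paths are constructed.
BASE = "/media/borntoshare/pics"
SAMPLE_PATHS = [
    BASE,
    BASE + "/backgrounds",
    BASE + "/backgrounds/nebula-1920x1080.jpg",
    "/media/borntoshare/pics-old/a.jpg",
    "/media/borntoshare/private/notes.txt",
]


def covered(spec, paths=SAMPLE_PATHS):
    """Return the paths a file-context spec would apply to.

    Assumption: the spec must match the entire path, so fullmatch is used
    rather than search.
    """
    rx = re.compile(spec)
    return [p for p in paths if rx.fullmatch(p)]


def uncovered_under(spec, root, paths=SAMPLE_PATHS):
    """Paths at or below root that the spec misses, i.e. that keep their old label."""
    hit = set(covered(spec, paths))
    return [
        p for p in paths
        if (p == root or p.startswith(root + "/")) and p not in hit
    ]


if __name__ == "__main__":
    for spec in (BASE + "(/.*)?", BASE + "(/.*?)"):
        print("spec:", spec)
        for p in covered(spec):
            print("  labelled:  ", p)
        for p in uncovered_under(spec, BASE):
            print("  NOT covered:", p)
```

Neither form touches sibling directories such as the constructed `pics-old` or `private` paths, which keeps the relabel scoped to the pictures only.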