Bug 748085
| Summary: | SELinux is preventing /usr/bin/gnome-keyring-daemon from 'write' accesses on the directory /home/james.cape/.gnome2/keyrings. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | James Cape <jamescape777> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:a745998b4d8f2fb063f9328fb43606929700944c973cb52505bcbe8c11c3b4ce | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-10-26 17:35:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I am looking at your bugs and something is wrong with your system, Could you try to reinstall the policy # yum reinstall selinux-policy-targeted and make sure nothing blows up on reinstall. Also what is your output of # id -Z # semanage login -l Is this a fresh install or did you do an upgrade? *** Bug 748086 has been marked as a duplicate of this bug. *** *** Bug 748088 has been marked as a duplicate of this bug. *** *** Bug 748089 has been marked as a duplicate of this bug. *** *** Bug 748090 has been marked as a duplicate of this bug. *** *** Bug 748091 has been marked as a duplicate of this bug. *** *** Bug 748092 has been marked as a duplicate of this bug. *** *** Bug 748093 has been marked as a duplicate of this bug. *** *** Bug 748094 has been marked as a duplicate of this bug. *** *** Bug 748095 has been marked as a duplicate of this bug. *** *** Bug 748096 has been marked as a duplicate of this bug. *** *** Bug 748097 has been marked as a duplicate of this bug. *** *** Bug 748098 has been marked as a duplicate of this bug. *** *** Bug 748099 has been marked as a duplicate of this bug. *** *** Bug 748100 has been marked as a duplicate of this bug. *** *** Bug 748101 has been marked as a duplicate of this bug. *** *** Bug 748102 has been marked as a duplicate of this bug. *** *** Bug 748103 has been marked as a duplicate of this bug. *** *** Bug 748104 has been marked as a duplicate of this bug. *** *** Bug 748105 has been marked as a duplicate of this bug. *** *** Bug 748106 has been marked as a duplicate of this bug. *** *** Bug 748108 has been marked as a duplicate of this bug. *** *** Bug 748109 has been marked as a duplicate of this bug. *** *** Bug 748107 has been marked as a duplicate of this bug. *** This looks like you logged into the system as xdm_t, which should not happen. Did you modify some of the pam modules? Also when you see an explosion of AVC's like this, please do not report each individually, attempt to look at them and see if they seem to be similar, as in everyone of them refers to xdm_t, then just add a comment that you have several others that are similar. Reporting this many bugs just wastes our time and yours, since we have to close them all as dups. This started happening after the last relabel. I've since updated selinux-policy to the latest version, and forced another relabel of the FS, and it appears as though things are working now. Ok then I am closing the bug. |
libreport version: 2.0.6 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.0-0.rc10.git0.1.fc16.x86_64 reason: SELinux is preventing /usr/bin/gnome-keyring-daemon from 'write' accesses on the directory /home/james.cape/.gnome2/keyrings. time: Fri Oct 21 20:21:02 2011 description: :SELinux is preventing /usr/bin/gnome-keyring-daemon from 'write' accesses on the directory /home/james.cape/.gnome2/keyrings. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that gnome-keyring-daemon should be allowed write access on the keyrings directory by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep gnome-keyring-d /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 :Target Context unconfined_u:object_r:gkeyringd_gnome_home_t:s0 :Target Objects /home/james.cape/.gnome2/keyrings [ dir ] :Source gnome-keyring-d :Source Path /usr/bin/gnome-keyring-daemon :Port <Unknown> :Host (removed) :Source RPM Packages gnome-keyring-3.2.1-1.fc16 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-40.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux orwell.ignore-your.tv : 3.1.0-0.rc10.git0.1.fc16.x86_64 #1 SMP Wed Oct 19 : 05:02:17 UTC 2011 x86_64 x86_64 :Alert Count 1 :First Seen Fri 21 Oct 2011 08:20:46 PM CDT :Last Seen Fri 21 Oct 2011 08:20:46 PM CDT :Local ID 2113ce51-3814-4729-8b03-49a2455a02a1 : :Raw Audit Messages :type=AVC msg=audit(1319246446.788:340): avc: denied { write } for pid=4300 comm="gnome-keyring-d" name="keyrings" dev=dm-1 ino=125667 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gkeyringd_gnome_home_t:s0 tclass=dir : : :type=AVC msg=audit(1319246446.788:340): avc: denied { add_name } for pid=4300 comm="gnome-keyring-d" name="login.keyring" dev=dm-1 ino=2056589 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gkeyringd_gnome_home_t:s0 tclass=dir : : :type=AVC msg=audit(1319246446.788:340): avc: denied { link } for pid=4300 comm="gnome-keyring-d" name="login.keyring" dev=dm-1 ino=2056589 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gkeyringd_gnome_home_t:s0 tclass=file : : :type=SYSCALL msg=audit(1319246446.788:340): arch=x86_64 syscall=link success=yes exit=0 a0=21365e0 a1=7f8c4002eff0 a2=0 a3=7f8c49fe07d0 items=0 ppid=1 pid=4300 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=4294967295 comm=gnome-keyring-d exe=/usr/bin/gnome-keyring-daemon subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) : :Hash: gnome-keyring-d,xdm_t,gkeyringd_gnome_home_t,dir,write : :audit2allow : :#============= xdm_t ============== :#!!!! The source type 'xdm_t' can write to a 'dir' of the following types: :# cgroup_t, user_home_dir_t, var_lock_t, root_t, tmp_t, var_t, locale_t, var_auth_t, tmpfs_t, user_fonts_t, xdm_spool_t, user_tmp_t, fonts_cache_t, auth_cache_t, xdm_tmpfs_t, xserver_log_t, var_spool_t, user_home_t, faillog_t, var_lib_t, var_run_t, data_home_t, xdm_tmp_t, var_log_t, xdm_log_t, gnome_home_type, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t, pcscd_var_run_t, gconf_home_t, xkb_var_lib_t, xdm_rw_etc_t, gnome_home_t, admin_home_t, xdm_home_t, pam_var_console_t, user_tmpfs_type, tmp_t, krb5_host_rcache_t : :allow xdm_t gkeyringd_gnome_home_t:dir { write add_name }; :allow xdm_t gkeyringd_gnome_home_t:file link; : :audit2allow -R : :#============= xdm_t ============== :#!!!! The source type 'xdm_t' can write to a 'dir' of the following types: :# cgroup_t, user_home_dir_t, var_lock_t, root_t, tmp_t, var_t, locale_t, var_auth_t, tmpfs_t, user_fonts_t, xdm_spool_t, user_tmp_t, fonts_cache_t, auth_cache_t, xdm_tmpfs_t, xserver_log_t, var_spool_t, user_home_t, faillog_t, var_lib_t, var_run_t, data_home_t, xdm_tmp_t, var_log_t, xdm_log_t, gnome_home_type, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t, pcscd_var_run_t, gconf_home_t, xkb_var_lib_t, xdm_rw_etc_t, gnome_home_t, admin_home_t, xdm_home_t, pam_var_console_t, user_tmpfs_type, tmp_t, krb5_host_rcache_t : :allow xdm_t gkeyringd_gnome_home_t:dir { write add_name }; :allow xdm_t gkeyringd_gnome_home_t:file link; :