| Summary: | SELinux is preventing /usr/bin/xauth from 'write' accesses on the directory kde-rootKensGv. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Faisal Al Bilbeisi <it.faisal> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:906c429084ef7d90d58cd4f91e41c7e3c619624dae9f2526e0a812e439d36409 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-01-02 09:10:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Were you logging in as root? (In reply to comment #1) > Were you logging in as root? Yes. Root login via X is not supported. You will need to switch to permissive mode to allow this. |
libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.6-1.fc16.i686 reason: SELinux is preventing /usr/bin/xauth from 'write' accesses on the directory kde-rootKensGv. time: Sat 31 Dec 2011 02:47:53 AM EET description: :SELinux is preventing /usr/bin/xauth from 'write' accesses on the directory kde-rootKensGv. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that xauth should be allowed write access on the kde-rootKensGv directory by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep xauth /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 :Target Context system_u:object_r:xdm_tmp_t:s0 :Target Objects kde-rootKensGv [ dir ] :Source xauth :Source Path /usr/bin/xauth :Port <Unknown> :Host (removed) :Source RPM Packages xorg-x11-xauth-1.0.6-1.fc16 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-69.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.1.6-1.fc16.i686 #1 SMP Wed : Dec 21 23:18:01 UTC 2011 i686 i686 :Alert Count 10 :First Seen Sat 31 Dec 2011 02:47:23 AM EET :Last Seen Sat 31 Dec 2011 02:47:41 AM EET :Local ID 0c39458a-aa13-4227-b498-f36f5319c678 : :Raw Audit Messages :type=AVC msg=audit(1325292461.123:85): avc: denied { write } for pid=1882 comm="xauth" name="kde-rootKensGv" dev=sda2 ino=1049546 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir : : :type=SYSCALL msg=audit(1325292461.123:85): arch=i386 syscall=open success=no exit=EACCES a0=bfda1f9a a1=c1 a2=180 a3=1 items=0 ppid=1880 pid=1882 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm=xauth exe=/usr/bin/xauth subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null) : :Hash: xauth,xauth_t,xdm_tmp_t,dir,write : :audit2allow : :#============= xauth_t ============== :#!!!! The source type 'xauth_t' can write to a 'dir' of the following types: :# user_tmp_t, nx_server_var_lib_t, user_home_t, xauth_tmp_t, var_lib_t, xdm_var_run_t, admin_home_t, user_home_dir_t, tmp_t : :allow xauth_t xdm_tmp_t:dir write; : :audit2allow -R : :#============= xauth_t ============== :#!!!! The source type 'xauth_t' can write to a 'dir' of the following types: :# user_tmp_t, nx_server_var_lib_t, user_home_t, xauth_tmp_t, var_lib_t, xdm_var_run_t, admin_home_t, user_home_dir_t, tmp_t : :allow xauth_t xdm_tmp_t:dir write; :