| Summary: | SELinux is preventing /usr/libexec/gdm-session-worker from 'create' accesses on the file .xsession-errors.XXZD49AW | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Yogesh <ychavan> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.2 | CC: | dwalsh, mmalik, vgaikwad |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-03-21 13:16:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Did you try to log in as root? |
Description of problem: SELinux is preventing /usr/libexec/gdm-session-worker from 'create' accesses on the file .xsession-errors.XXZD49AW Version-Release number of selected component (if applicable): Red Hat Enterprise Linux 6 update 2 selinux-policy-3.7.19-126.el6_2.10 description: :SELinux is preventing /usr/libexec/gdm-session-worker from 'create' accesses on the file .xsession-errors.XXZD49AW. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that gdm-session-worker should be allowed create access on the .xsession-errors.XXZD49AW file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep gdm-session-wor /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp Additional Information: :Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 :Target Context system_u:object_r:admin_home_t:s0 :Target Objects .xsession-errors.XXZD49AW [ file ] :Source gdm-session-wor :Source Path /usr/libexec/gdm-session-worker :Port <Unknown> :Host (removed) :Source RPM Packages gdm-2.30.4-32.el6 :Target RPM Packages :Policy RPM selinux-policy-3.7.19-126.el6_2.10 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 2.6.32-220.7.1.el6.x86_64 #1 SMP : Fri Feb 10 15:22:22 EST 2012 x86_64 x86_64 :Alert Count 4 :First Seen Thu 15 Mar 2012 01:53:34 PM CDT :Last Seen Thu 15 Mar 2012 01:54:34 PM CDT :Local ID 8c203062-67fd-4db4-884f-a03928c5fc81 Raw Audit Messages :type=AVC msg=audit(1331837674.106:865): avc: denied { create } for pid=5141 comm="gdm-session-wor" name=".xsession-errors.XXZD49AW" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=file : : :type=SYSCALL msg=audit(1331837674.106:865): arch=x86_64 syscall=open success=no exit=EACCES a0=7e8ee0 a1=c2 a2=180 a3=20 items=0 ppid=5092 pid=5141 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=132 comm=gdm-session-wor exe=/usr/libexec/gdm-session-worker subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) : :Hash: gdm-session-wor,xdm_t,admin_home_t,file,create : :audit2allow : :#============= xdm_t ============== :allow xdm_t admin_home_t:file create; : :audit2allow -R : :#============= xdm_t ============== :allow xdm_t admin_home_t:file create;