Bug 994752
Summary: | selinux policy causing "timeout in locking authority file" with xauth | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | JR <bucketofsnow> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-24 17:50:31 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
JR
2013-08-08 00:30:55 UTC
Please execute # restorecon -R -v /home to fix labeling. Bad news: # restorecon -R -v /home Then as a user: $ ssh -X USER@localhost Last login: Thu Aug 8 06:54:02 2013 from localhost.localdomain /usr/bin/xauth: timeout in locking authority file /home/USER/.Xauthority with an entry in the audit.log file of: type=AVC msg=audit(1376003043.928:516): avc: denied { write } for pid=1754 comm="xauth" name="USER" dev="dm-0" ino=261633 scontext=user_u:user_r:xauth_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir If we look at the SELinux labels of the files: ls -lahZ (in /home/USER) drwx------. USER USER user_u:object_r:user_home_dir_t:s0 . <..snip..> -rw-------. USER USER user_u:object_r:xauth_home_t:s0 .Xauthority 1c6e172d9f095a296028935973c17b6a2e263d67 allows xauth_t to create ~/.Xauthority in git. Great! If there is a F19 package I can test with the change, please let me know. Verification won't be very hard as I'm using ssh -X all over the place. Thanks! |