Bug 1004000 - SELinux is preventing /usr/lib/systemd/systemd-logind from 'search' accesses on the directory .X11-unix.
Product: Fedora
Classification: Fedora
Component: selinux-policy
Assigned To: Miroslav Grepl
Reported: 2013-09-03 12:57 EDT by Rajkumar
Modified: 2014-06-22 22:58 EDT
Doc Type: Bug Fix
Last Closed: 2013-10-25 06:20:55 EDT
Description Rajkumar 2013-09-03 12:57:03 EDT
Description of problem:
When Fedora 19 is updated to 3.10.10 the sky fell loose. I was using KDE Plasma along with Fedora 19. After the update KDE began to show errors, viz. no animation, no sound, etc. Actually the sound is gone from Fedora 19 too. There is also a very long boot time, with a prompt to enter Ctrl+D; I am using Ctrl+Alt+Del to get to the Plymouth boot screen. Even shutting down asks for authentication. A complete mess.
SELinux is preventing /usr/lib/systemd/systemd-logind from 'search' accesses on the directory .X11-unix.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that systemd-logind should be allowed search access on the .X11-unix directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:systemd_logind_t:s0
Target Context                system_u:object_r:xserver_tmpfs_t:s0
Target Objects                .X11-unix [ dir ]
Source                        systemd-logind
Source Path                   /usr/lib/systemd/systemd-logind
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           systemd-204-9.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-73.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.9-200.fc19.x86_64 #1 SMP Wed
                              Aug 21 19:27:58 UTC 2013 x86_64 x86_64
Alert Count                   11
First Seen                    2013-09-03 21:31:11 IST
Last Seen                     2013-09-03 22:11:03 IST
Local ID                      77a2eb7b-77d6-4e30-9e09-5b19044c2d6b

Raw Audit Messages
type=AVC msg=audit(1378226463.863:481): avc:  denied  { search } for  pid=558 comm="systemd-logind" name=".X11-unix" dev="tmpfs" ino=17382 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:xserver_tmpfs_t:s0 tclass=dir

type=SYSCALL msg=audit(1378226463.863:481): arch=x86_64 syscall=access success=no exit=EACCES a0=7fae83b491c0 a1=0 a2=30 a3=7fae80a247d8 items=0 ppid=1 pid=558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=systemd-logind exe=/usr/lib/systemd/systemd-logind subj=system_u:system_r:systemd_logind_t:s0 key=(null)

Hash: systemd-logind,systemd_logind_t,xserver_tmpfs_t,dir,search

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.9-200.fc19.x86_64
type:           libreport

Potential duplicate: bug 902168
Comment 1 Miroslav Grepl 2013-09-03 14:59:46 EDT
Where is .X11-unix located?

#ls -lZ /tmp/.X11-unix -d
drwxrwxrwt. root root system_u:object_r:xdm_tmp_t:s0   /tmp/.X11-unix
Comment 2 Daniel Walsh 2013-09-04 09:31:41 EDT
Might be a labelling issue on the system.  Could /tmp be labeled tmpfs_t?
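
The triage implied by comments 1 and 2, as an added example that is not part of the bug report or of selinux-policy: parse the AVC record and compare the target's type with the type the path is expected to carry, so a mislabelled directory is noticed before a local allow rule is generated with audit2allow. The function names, the result strings and the `EXPECTED_TYPES` table are assumptions; its single entry is taken from the `ls -lZ` output in comment 1.

```python
import re

# The AVC record quoted in the report's "Raw Audit Messages".
SAMPLE_AVC = ('type=AVC msg=audit(1378226463.863:481): avc:  denied  { search } for  '
              'pid=558 comm="systemd-logind" name=".X11-unix" dev="tmpfs" ino=17382 '
              'scontext=system_u:system_r:systemd_logind_t:s0 '
              'tcontext=system_u:object_r:xserver_tmpfs_t:s0 tclass=dir')

# Assumption: expected type per object name, here from comment 1's ls -lZ output.
EXPECTED_TYPES = {".X11-unix": "xdm_tmp_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other audit record."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # Context is user:role:type:level; the level may itself contain ':' (s0:c0.c1023).
    fields["stype"] = fields["scontext"].split(":", 3)[2]
    fields["ttype"] = fields["tcontext"].split(":", 3)[2]
    return fields


def triage(avc, expected_types):
    """Classify a denial: wrong label on the target, or a rule missing from policy."""
    want = expected_types.get(avc.get("name"))
    if want is None:
        return "unknown-target"   # no reference label to compare against
    if avc["ttype"] != want:
        return "label-mismatch"   # check labels (ls -Zd) before adding allow rules
    return "policy-gap"           # label is as expected; the rule itself is missing


if __name__ == "__main__":
    avc = parse_avc(SAMPLE_AVC)
    print(avc["stype"], avc["perms"], avc["ttype"], triage(avc, EXPECTED_TYPES))
```

For the record in this report the result is `label-mismatch`: the denied target carries `xserver_tmpfs_t`, not the `xdm_tmp_t` shown in comment 1.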
Comment 3 Rajkumar 2014-06-22 22:58:20 EDT
I have upgraded to Heisenbug. But the problem still exists. I have installed KDE Plasma along with Heisenbug. There is Windows 7 installed too. When the PC boots into Fedora 20, it does not show the login screen. On hitting Ctrl+Alt+Del, it restarts and goes on to the login screen without trouble. I always have to restart it.
