Seen on Fedora 19 and Fedora 20: $ xauth & [1] 14712 Using authority file /run/gdm/auth-for-ossman-HdenCT/database xauth> [1]+ Stopped xauth $ ps axZ | grep xauth unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 14712 pts/2 T 0:00 xauth $ ls -Z /bin/xauth -rwxr-xr-x. root root system_u:object_r:xauth_exec_t:s0 /bin/xauth
We removed the transition from unconfined_t to many domains.
Hmm... Ok. This does make it difficult to write file context globs though. The Xauthority file for different users will have different contexts depending on which context the user is allowed to use. Maybe xauth_home_t and such need to go away?
The reason why we could remove these transitions is the fact we have "File Name Transitions". So for example $ sesearch -T |grep \".Xauthority
Ah, I see. Thanks. I'll have to look at the current policy and see how to apply similar changes to our policy module.
If something let me know. We can help you.