Bug 119988 - selinux audit messages
selinux audit messages
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: xscreensaver (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
: SELinux
Depends On:
Blocks: FC2Blocker
  Show dependency treegraph
 
Reported: 2004-04-04 14:51 EDT by Tim Waugh
Modified: 2014-03-16 22:43 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-05-03 17:19:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tim Waugh 2004-04-04 14:51:01 EDT
Description of problem:
I keep getting selinux audit messages

Version-Release number of selected component (if applicable):
xscreensaver-4.14-4
policy-1.9.2-10

How reproducible:
100%

Steps to Reproduce:
1. Just log in as a user_r user.
  
Actual results:
audit(1081103071.442:0): avc:  denied  { getattr } for  pid=2175
exe=/usr/X11R6/bin/xscreensaver path=/home/tim/.xscreensaver dev=hdb1
ino=706028 scontext=tim:user_r:user_screensaver_t
tcontext=system_u:object_r:user_home_t tclass=file

Also:
audit(1081092237.557:0): avc:  denied  { create } for  pid=2691
exe=/usr/X11R6/lib/xscreensaver/sonar
scontext=tim:user_r:user_screensaver_t
tcontext=tim:user_r:user_screensaver_t tclass=rawip_socket

Additional info:
audit2allow says:

allow user_screensaver_t user_home_t:file { getattr };
allow user_screensaver_t user_screensaver_t:rawip_socket { create };
Comment 1 Bill Nottingham 2004-04-05 15:07:46 EDT
sonar wants to ping things for the display, which is why it wants a
raw IP socket.

xscreensaver *does* need to be able to read its config file in any case.
Comment 2 Tim Waugh 2004-04-05 18:56:14 EDT
policy-1.9.2-12 fixes access to config file for me.

Note You need to log in before you can comment on or make changes to this bug.