Description of problem: I keep getting selinux audit messages Version-Release number of selected component (if applicable): xscreensaver-4.14-4 policy-1.9.2-10 How reproducible: 100% Steps to Reproduce: 1. Just log in as a user_r user. Actual results: audit(1081103071.442:0): avc: denied { getattr } for pid=2175 exe=/usr/X11R6/bin/xscreensaver path=/home/tim/.xscreensaver dev=hdb1 ino=706028 scontext=tim:user_r:user_screensaver_t tcontext=system_u:object_r:user_home_t tclass=file Also: audit(1081092237.557:0): avc: denied { create } for pid=2691 exe=/usr/X11R6/lib/xscreensaver/sonar scontext=tim:user_r:user_screensaver_t tcontext=tim:user_r:user_screensaver_t tclass=rawip_socket Additional info: audit2allow says: allow user_screensaver_t user_home_t:file { getattr }; allow user_screensaver_t user_screensaver_t:rawip_socket { create };
sonar wants to ping things for the display, which is why it wants a raw IP socket. xscreensaver *does* need to be able to read its config file in any case.
policy-1.9.2-12 fixes access to config file for me.