This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 121793 - xauth causes avc denied errors
xauth causes avc denied errors
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-27 17:05 EDT by Thomas Molina
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-16 21:35:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Thomas Molina 2004-04-27 17:05:31 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040422

Description of problem:
Any activity requiring use of xauth on my system causes an avc denied
error.

Version-Release number of selected component (if applicable):
policy-1.11.2-18

How reproducible:
Always

Steps to Reproduce:
1. use any program requiring xauth
2. 
3.
    

Actual Results:  Apr 27 16:50:21 dad kernel: audit(1083099021.090:0):
avc:  denied  { write } for  pid=8275 exe=/usr/X11R6/bin/xauth
name=tmolina dev=hdd1 ino=15651 scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 27 16:50:21 dad kernel: audit(1083099021.090:0): avc:  denied  {
add_name } for  pid=8275 exe=/usr/X11R6/bin/xauth name=.Xauthority-c
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 27 16:50:21 dad kernel: audit(1083099021.090:0): avc:  denied  {
create } for  pid=8275 exe=/usr/X11R6/bin/xauth name=.Xauthority-c
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:user_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.091:0): avc:  denied  {
link } for  pid=8275 exe=/usr/X11R6/bin/xauth name=.Xauthority-c
dev=hdd1 ino=15899 scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:user_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.091:0): avc:  denied  {
write } for  pid=8275 exe=/usr/X11R6/bin/xauth name=.Xauthority
dev=hdd1 ino=15772 scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:user_home_xauth_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.092:0): avc:  denied  {
read } for  pid=8275 exe=/usr/X11R6/bin/xauth name=.Xauthority
dev=hdd1 ino=15772 scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:user_home_xauth_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.092:0): avc:  denied  {
getattr } for  pid=8275 exe=/usr/X11R6/bin/xauth
path=/home/tmolina/.Xauthority dev=hdd1 ino=15772
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:user_home_xauth_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.093:0): avc:  denied  {
remove_name } for  pid=8275 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hdd1 ino=15899
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
Apr 27 16:50:21 dad kernel: audit(1083099021.093:0): avc:  denied  {
unlink } for  pid=8275 exe=/usr/X11R6/bin/xauth name=.Xauthority-c
dev=hdd1 ino=15899 scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:user_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.094:0): avc:  denied  {
write } for  pid=8274 exe=/usr/sbin/userhelper name=root dev=hda1
ino=507905 scontext=user_u:user_r:userhelper_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr 27 16:50:21 dad kernel: audit(1083099021.094:0): avc:  denied  {
add_name } for  pid=8274 exe=/usr/sbin/userhelper name=.xauthZWroqx
scontext=user_u:user_r:userhelper_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr 27 16:50:21 dad kernel: audit(1083099021.095:0): avc:  denied  {
create } for  pid=8274 exe=/usr/sbin/userhelper name=.xauthZWroqx
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.095:0): avc:  denied  {
setattr } for  pid=8274 exe=/usr/sbin/userhelper name=.xauthZWroqx
dev=hda1 ino=508148 scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.100:0): avc:  denied  {
link } for  pid=8276 exe=/usr/X11R6/bin/xauth name=.xauthZWroqx-c
dev=hda1 ino=508162 scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.101:0): avc:  denied  {
write } for  pid=8276 exe=/usr/X11R6/bin/xauth name=.xauthZWroqx
dev=hda1 ino=508148 scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.102:0): avc:  denied  {
read } for  pid=8276 exe=/usr/X11R6/bin/xauth name=.xauthZWroqx
dev=hda1 ino=508148 scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.102:0): avc:  denied  {
getattr } for  pid=8276 exe=/usr/X11R6/bin/xauth
path=/root/.xauthZWroqx dev=hda1 ino=508148
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
Apr 27 16:50:21 dad kernel: audit(1083099021.102:0): avc:  denied  {
remove_name } for  pid=8276 exe=/usr/X11R6/bin/xauth name=.xauthZWroqx
dev=hda1 ino=508148 scontext=user_u:user_r:userhelper_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr 27 16:50:21 dad kernel: audit(1083099021.103:0): avc:  denied  {
unlink } for  pid=8276 exe=/usr/X11R6/bin/xauth name=.xauthZWroqx
dev=hda1 ino=508148 scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file


Additional info:  This is similar to bug 120108 which says the bug was
closed in rawhide, but I am still getting it.
Comment 1 Daniel Walsh 2004-04-28 16:29:42 EDT
Converted userhelper policy to a macro so this will work.

Fixed in policy-1.11.2-21

Dan
Comment 2 Thomas Molina 2004-04-29 05:52:40 EDT
Apparently it hasn't made it into Rawhide yet.  I will try it when it
is available for update.
Comment 3 Thomas Molina 2004-05-13 19:30:48 EDT
I am up to date with Fedora Core 2 Test 3.  Policy is now
policy-1.11.3-3.  I still get these messages:

May 13 19:14:55 dad kernel: audit(1084490095.198:0): avc:  denied  {
execute_no_trans } for  pid=12981 exe=/usr/sbin/userhelper
path=/usr/X11R6/bin/xauth dev=hda1 ino=393468
scontext=user_u:user_r:user_userhelper_t
tcontext=system_u:object_r:xauth_exec_t tclass=file
May 13 19:14:55 dad kernel: audit(1084490095.236:0): avc:  denied  {
write } for  pid=12981 exe=/usr/X11R6/bin/xauth name=tmolina dev=hdd1
ino=15651 scontext=user_u:user_r:user_userhelper_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
May 13 19:14:55 dad kernel: audit(1084490095.237:0): avc:  denied  {
add_name } for  pid=12981 exe=/usr/X11R6/bin/xauth name=.Xauthority-c
scontext=user_u:user_r:user_userhelper_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
May 13 19:14:55 dad kernel: audit(1084490095.237:0): avc:  denied  {
create } for  pid=12981 exe=/usr/X11R6/bin/xauth name=.Xauthority-c
scontext=user_u:user_r:user_userhelper_t
tcontext=user_u:object_r:user_home_dir_t tclass=file
May 13 19:14:55 dad kernel: audit(1084490095.237:0): avc:  denied  {
link } for  pid=12981 exe=/usr/X11R6/bin/xauth name=.Xauthority-c
dev=hdd1 ino=17277 scontext=user_u:user_r:user_userhelper_t
tcontext=user_u:object_r:user_home_dir_t tclass=file
May 13 19:14:55 dad kernel: audit(1084490095.238:0): avc:  denied  {
write } for  pid=12981 exe=/usr/X11R6/bin/xauth name=.Xauthority
dev=hdd1 ino=16667 scontext=user_u:user_r:user_userhelper_t
tcontext=system_u:object_r:user_home_xauth_t tclass=fileMay 13
19:14:55 dad kernel: audit(1084490095.238:0): avc:  denied  {
remove_name } for  pid=12981 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hdd1 ino=17277
scontext=user_u:user_r:user_userhelper_t
tcontext=system_u:object_r:user_home_dir_t tclass=dir
May 13 19:14:55 dad kernel: audit(1084490095.238:0): avc:  denied  {
unlink } for  pid=12981 exe=/usr/X11R6/bin/xauth name=.Xauthority-c
dev=hdd1 ino=17277 scontext=user_u:user_r:user_userhelper_t
tcontext=user_u:object_r:user_home_dir_t tclass=file
Comment 4 Thomas Molina 2004-10-16 21:35:16 EDT
Please close this bug.  It is no longer reproducable under current
Fedora Core.

Note You need to log in before you can comment on or make changes to this bug.