Bug 1305236 - RFE: SELinux wrongly blocks xlogin session
RFE: SELinux wrongly blocks xlogin session
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
high Severity medium
: ---
: ---
Assigned To: Lukas Vrabec
Fedora Extras Quality Assurance
https://github.com/joukewitteveen/xlo...
: FutureFeature
Depends On:
Blocks: 1404667
  Show dependency treegraph
 
Reported: 2016-02-06 05:35 EST by Raphael Groner
Modified: 2017-01-31 19:23 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sealert of xlogin (1.87 KB, text/plain)
2016-02-06 05:35 EST, Raphael Groner
no flags Details
audit-AVC.log (580.07 KB, text/plain)
2016-07-13 06:33 EDT, Raphael Groner
no flags Details

  None (edit)
Description Raphael Groner 2016-02-06 05:35:19 EST
Created attachment 1121614 [details]
sealert of xlogin

Description of problem:


Version-Release number of selected component (if applicable):
xlogin-0-0.1.20160114git97667d7.fc23.noarch


How reproducible:
yes

Steps to Reproduce:
1. systemctl enable xlogin@user
2. ln -s /etc/X11/xinit/xinitrc /home/user/.xinitrc
3. reboot

Actual results:
graphical login does not work, see attached logs

Expected results:
user is automatically logged into X

Additional info:
see attached logs
https://github.com/joukewitteveen/xlogin/issues/10

# journalctl --since today -r |grep xlogin
Feb 06 11:17:16 poldy systemd[1]: xlogin@raphael.service: Failed with result 'exit-code'.
Feb 06 11:17:16 poldy systemd[1]: xlogin@raphael.service: Unit entered failed state.
Feb 06 11:17:16 poldy systemd[1]: xlogin@raphael.service: Main process exited, code=exited, status=203/EXEC
Feb 06 11:17:16 poldy systemd[963]: xlogin@raphael.service: Failed at step EXEC spawning /usr/bin/bash: Permission denied
Feb 06 11:17:16 poldy audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Feb 06 11:17:16 poldy audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 06 11:16:26 poldy systemd[1]: Stopping system-xlogin.slice.
Feb 06 11:16:26 poldy systemd[1]: Removed slice system-xlogin.slice.
Feb 06 11:14:24 poldy systemd[1]: xlogin@raphael.service: Failed with result 'exit-code'.
Feb 06 11:14:24 poldy systemd[1]: xlogin@raphael.service: Unit entered failed state.
Feb 06 11:14:24 poldy systemd[1]: xlogin@raphael.service: Main process exited, code=exited, status=203/EXEC
Feb 06 11:14:24 poldy systemd[963]: xlogin@raphael.service: Failed at step EXEC spawning /usr/bin/bash: Permission denied
Feb 06 11:14:24 poldy audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Feb 06 11:14:24 poldy audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 06 11:13:36 poldy systemd[1]: Stopping system-xlogin.slice.
Feb 06 11:13:36 poldy systemd[1]: Removed slice system-xlogin.slice.

# journalctl --since today -r |grep bash
Feb 06 11:17:16 poldy python3[1002]: SELinux is preventing (bash) from using the transition access on a process.
                                     If you believe that (bash) should be allowed transition access on processes labeled unconfined_t by default.
                                     # grep (bash) /var/log/audit/audit.log | audit2allow -M mypol
Feb 06 11:17:16 poldy setroubleshoot[1002]: SELinux is preventing (bash) from using the transition access on a process. For complete SELinux messages. run sealert -l 37be6b0d-fc58-4eb4-81cb-add09f70c136
Feb 06 11:17:16 poldy systemd[963]: xlogin@raphael.service: Failed at step EXEC spawning /usr/bin/bash: Permission denied
Feb 06 11:17:16 poldy audit[963]: AVC avc:  denied  { transition } for  pid=963 comm="(bash)" path="/usr/bin/bash" dev="sda4" ino=1442241 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
Feb 06 11:14:24 poldy python3[989]: SELinux is preventing (bash) from using the transition access on a process.
                                    If you believe that (bash) should be allowed transition access on processes labeled unconfined_t by default.
                                    # grep (bash) /var/log/audit/audit.log | audit2allow -M mypol
Feb 06 11:14:24 poldy setroubleshoot[989]: SELinux is preventing (bash) from using the transition access on a process. For complete SELinux messages. run sealert -l 37be6b0d-fc58-4eb4-81cb-add09f70c136
Feb 06 11:14:24 poldy systemd[963]: xlogin@raphael.service: Failed at step EXEC spawning /usr/bin/bash: Permission denied
Feb 06 11:14:24 poldy audit[963]: AVC avc:  denied  { transition } for  pid=963 comm="(bash)" path="/usr/bin/bash" dev="sda4" ino=1442241 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
Comment 1 Raphael Groner 2016-02-06 05:37:20 EST
Can we allow xlogin (via bash) in selinux-policy by default?
Comment 2 Miroslav Grepl 2016-02-19 05:49:20 EST
What does

$ sesearch -A -s init_t -t unconfined_t -c process

on your system?
Comment 3 Raphael Groner 2016-02-19 07:40:41 EST
$ sesearch -A -s init_t -t unconfined_t -c process
Found 4 semantic av rules:
   allow domain unconfined_t : process sigchld ; 
   allow init_t domain : process { sigchld sigkill sigstop signull signal getpgid getattr } ; 
   allow unconfined_domain_type domain : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh setcurrent setkeycreate setsockcreate ptrace_child } ; 
   allow unconfined_domain_type domain : process ptrace ;
Comment 4 Miroslav Grepl 2016-02-19 09:24:17 EST
OK and 

$ rpm -q selinux-policy-targeted

?
Comment 5 Raphael Groner 2016-02-19 09:31:45 EST
$ rpm -q selinux-policy-targeted
selinux-policy-targeted-3.13.1-158.6.fc23.noarch
Comment 6 Miroslav Grepl 2016-02-19 10:28:44 EST
We have fixes in Rawhide. Could you try to test it with the following local policy

# cat mypol.cil
(allow init_t unconfined_t (process (transition)))
# semodule -i mypol.cil
Comment 7 Raphael Groner 2016-02-27 14:16:59 EST
Sorry for my delayed response, I'll come back to this RFE later.
Comment 8 Raphael Groner 2016-03-30 10:59:25 EDT
Still an issue for me.

selinux-policy-3.13.1-158.11.fc23.noarch
selinux-policy-targeted-3.13.1-158.11.fc23.noarch
xlogin-0-0.1.20160114git97667d7.fc23.noarch

(In reply to Miroslav Grepl from comment #6)
> We have fixes in Rawhide. Could you try to test it with the following local
> policy

# echo '(allow init_t unconfined_t (process (transition)))' >/tmp/mypol.cli && semodule -i /tmp/mypol.cli
libsemanage.semanage_pipe_data: Child process /usr/libexec/selinux/hll/cli failed with code: 1. (No such file or directory).
mypol: libsemanage.semanage_pipe_data: Unable to execute /usr/libexec/selinux/hll/cli : No such file or directory
mypol:  (No such file or directory).
libsemanage.semanage_direct_commit: Failed to compile hll files into cil files.
 (No such file or directory).
semodule:  Failed!
# LC_ALL=C dnf install /usr/libexec/selinux/hll/cli
Last metadata expiration check: 0:48:53 ago on Wed Mar 30 16:09:41 2016.
No package /usr/libexec/selinux/hll/cli available.
Error: Unable to find a match.
# LC_ALL=C dnf whatprovides /usr/libexec/selinux/hll/cli
Last metadata expiration check: 0:49:13 ago on Wed Mar 30 16:09:41 2016.
Error: No Matches found
Comment 9 Raphael Groner 2016-03-30 11:01:41 EDT
If of any help:
# journalctl |grep xlogin
Feb 06 11:13:36 poldy systemd[1]: Removed slice system-xlogin.slice.
Feb 06 11:13:36 poldy systemd[1]: Stopping system-xlogin.slice.
Feb 06 11:14:24 poldy audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 06 11:14:24 poldy audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Feb 06 11:14:24 poldy systemd[963]: xlogin@raphael.service: Failed at step EXEC spawning /usr/bin/bash: Permission denied
Feb 06 11:14:24 poldy systemd[1]: xlogin@raphael.service: Main process exited, code=exited, status=203/EXEC
Feb 06 11:14:24 poldy systemd[1]: xlogin@raphael.service: Unit entered failed state.
Feb 06 11:14:24 poldy systemd[1]: xlogin@raphael.service: Failed with result 'exit-code'.
Feb 06 11:16:26 poldy systemd[1]: Removed slice system-xlogin.slice.
Feb 06 11:16:26 poldy systemd[1]: Stopping system-xlogin.slice.
Feb 06 11:17:16 poldy audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 06 11:17:16 poldy audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Feb 06 11:17:16 poldy systemd[963]: xlogin@raphael.service: Failed at step EXEC spawning /usr/bin/bash: Permission denied
Feb 06 11:17:16 poldy systemd[1]: xlogin@raphael.service: Main process exited, code=exited, status=203/EXEC
Feb 06 11:17:16 poldy systemd[1]: xlogin@raphael.service: Unit entered failed state.
Feb 06 11:17:16 poldy systemd[1]: xlogin@raphael.service: Failed with result 'exit-code'.
Feb 06 13:40:51 poldy systemd[1]: Removed slice system-xlogin.slice.
Feb 06 13:40:51 poldy systemd[1]: Stopping system-xlogin.slice.
Mär 30 09:59:46 poldy audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Mär 30 09:59:46 poldy audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Mär 30 09:59:46 poldy systemd[1060]: xlogin@raphael.service: Failed at step EXEC spawning /usr/bin/bash: Permission denied
Mär 30 09:59:46 poldy systemd[1]: xlogin@raphael.service: Main process exited, code=exited, status=203/EXEC
Mär 30 09:59:46 poldy systemd[1]: xlogin@raphael.service: Unit entered failed state.
Mär 30 09:59:46 poldy systemd[1]: xlogin@raphael.service: Failed with result 'exit-code'.
Comment 10 Miroslav Grepl 2016-04-25 03:47:03 EDT
Could you test it with

$ cat mypol.te
policy_module(mypol, 1.0)

require{
 type init_t;
 type unconfined_t;
}


allow init_t unconfined_t:process transition;


And run

# make -f /usr/share/selinux/devel/Makefile mypol.pp
# semodule -i mypol.pp



Thank you.
Comment 11 Raphael Groner 2016-05-08 17:34:37 EDT
Your suggestion from comment #10 changes EXEC fail in a PAM fail.

# journalctl -b |grep xlogin
Mai 08 23:21:09 builder24 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@builder comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Mai 08 23:21:09 builder24 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@builder comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Mai 08 23:21:09 builder24 systemd[854]: xlogin@builder.service: Failed at step PAM spawning /usr/bin/bash: Operation not permitted
Mai 08 23:21:09 builder24 systemd[1]: xlogin@builder.service: Main process exited, code=exited, status=224/PAM
Mai 08 23:21:09 builder24 systemd[1]: xlogin@builder.service: Unit entered failed state.
Mai 08 23:21:09 builder24 systemd[1]: xlogin@builder.service: Failed with result 'exit-code'.

# journalctl -u xlogin@builder
-- Logs begin at So 2016-04-24 20:22:30 CEST, end at So 2016-05-08 23:31:29 CEST. --
Mai 08 23:21:09 builder24 systemd[1]: Started Direct X login for user builder.
Mai 08 23:21:09 builder24 systemd[854]: pam_console(login:session): Could not open lock file /var/run/console/builder, disallowing console access
Mai 08 23:21:09 builder24 systemd[854]: pam_selinux(login:session): Failed to compute new context for /dev/tty7: Permission denied
Mai 08 23:21:09 builder24 systemd[1]: xlogin@builder.service: Main process exited, code=exited, status=224/PAM
Mai 08 23:21:09 builder24 systemd[1]: xlogin@builder.service: Unit entered failed state.
Mai 08 23:21:09 builder24 systemd[1]: xlogin@builder.service: Failed with result 'exit-code'.
Comment 12 Raphael Groner 2016-07-11 15:33:33 EDT
Ping, any news here?
Comment 13 Simon Sekidde 2016-07-11 16:16:24 EDT
(In reply to Raphael Groner from comment #12)
> Ping, any news here?

What policy package version are you running now?  

 allow init_t login_userdomain : process { transition sigchld noatsecure } ; 

Is included in the latest rawhide build
Comment 14 Raphael Groner 2016-07-12 14:42:50 EDT
xlogin-0-0.1.20160114git97667d7.fc23.noarch
selinux-policy-3.13.1-158.15.fc23.noarch

Jul 12 20:34:51 poldy audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 12 20:34:51 poldy audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@raphael comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jul 12 20:34:51 poldy systemd[1066]: xlogin@raphael.service: Failed at step EXEC spawning /usr/bin/bash: Permission denied
Jul 12 20:34:51 poldy systemd[1]: xlogin@raphael.service: Unit entered failed state.
Jul 12 20:34:51 poldy systemd[1]: xlogin@raphael.service: Failed with result 'exit-code'.
Comment 15 Raphael Groner 2016-07-12 15:13:51 EDT
xlogin-0-0.1.20160114git97667d7.fc24.noarch
selinux-policy-3.13.1-191.5.fc24.noarch 

Jul 12 21:10:21 fedora24lxqt systemd[1]: Created slice system-xlogin.slice.
Jul 12 21:10:21 fedora24lxqt audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@test comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 12 21:10:21 fedora24lxqt systemd[1129]: xlogin@test.service: Failed at step PAM spawning /usr/bin/bash: Operation not permitted                                                                     
Jul 12 21:10:21 fedora24lxqt systemd[1]: xlogin@test.service: Main process exited, code=exited, status=224/PAM                                                                                          
Jul 12 21:10:21 fedora24lxqt audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xlogin@test comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'                                                                
Jul 12 21:10:21 fedora24lxqt systemd[1]: xlogin@test.service: Unit entered failed state.
Jul 12 21:10:21 fedora24lxqt systemd[1]: xlogin@test.service: Failed with result 'exit-code'.
Comment 16 Lukas Vrabec 2016-07-13 03:17:38 EDT
Could you attach audit logs? (/var/log/audit/audit.log)

 Thank you.
Comment 17 Raphael Groner 2016-07-13 03:56:05 EDT
(In reply to Lukas Vrabec from comment #16)
> Could you attach audit logs? (/var/log/audit/audit.log)
> 
>  Thank you.

Can I grep it for something? The log files here have several MB in size.
Comment 18 Lukas Vrabec 2016-07-13 04:48:01 EDT
You can run:
# cat /var/log/audit/audit.log | grep AVC
Comment 19 Petr Lautrbach 2016-07-13 05:20:01 EDT
You can use ausearch tool to filter audit events based on time and type, e.g.:

# ausearch -m avc,user_avc,selinux_err -ts 07/12/2016 21:00:00 -te 07/12/2016 22:00:00
Comment 20 Raphael Groner 2016-07-13 06:33 EDT
Created attachment 1179213 [details]
audit-AVC.log

Fedora 23:
$ grep AVC /var/log/audit/audit.log
Comment 21 Raphael Groner 2016-07-13 06:35:55 EDT
(In reply to Petr Lautrbach from comment #19)
> You can use ausearch tool to filter audit events based on time and type,
> e.g.:
> 
> # ausearch -m avc,user_avc,selinux_err -ts 07/12/2016 21:00:00 -te
> 07/12/2016 22:00:00

# ausearch -m avc,user_avc,selinux_err -ts 07/12/2016 21:00:00 -te 07/12/2016 22:00:00
Error parsing start date (07/12/2016)
# ausearch -m avc,user_avc,selinux_err -ts 07.12.2016 21:00:00 -te 07.12.2016 22:00:00
<no matches>
# ausearch -m avc,user_avc,selinux_err -ts 2016-07-12 21:00:00 -te 2016-07-12 22:00:00
Invalid start date (2016-07-12). Month, Day, and Year are required.
Comment 22 Petr Lautrbach 2016-07-13 07:45:36 EDT
(In reply to Raphael Groner from comment #21) 
> # ausearch -m avc,user_avc,selinux_err -ts 07/12/2016 21:00:00 -te
> 07/12/2016 22:00:00
> Error parsing start date (07/12/2016)
> # ausearch -m avc,user_avc,selinux_err -ts 07.12.2016 21:00:00 -te
> 07.12.2016 22:00:00
> <no matches>
> # ausearch -m avc,user_avc,selinux_err -ts 2016-07-12 21:00:00 -te
> 2016-07-12 22:00:00
> Invalid start date (2016-07-12). Month, Day, and Year are required.

The format of -ts and -te depends on your current locale. Try 'date +%x' to get the right format or use

LC_ALL=en_US.UTF-8 ausearch -m avc,user_avc,selinux_err -ts 07/12/2016 21:00:00 -te 07/12/2016 22:00:00
Comment 23 Raphael Groner 2016-07-13 08:01:31 EDT
poldy is the Fedora 23 machine from comment #14.

[root@poldy ~]# LC_ALL=en_US.UTF-8 ausearch -m avc,user_avc,selinux_err -ts 07/12/2016 20:00:00 -te 07/12/2016 22:00:00
----
time->Tue Jul 12 21:00:01 2016
type=USER_AVC msg=audit(1468350001.520:216): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:00:01 2016
type=USER_AVC msg=audit(1468350001.521:217): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:00:01 2016
type=USER_AVC msg=audit(1468350001.537:218): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:00:01 2016
type=USER_AVC msg=audit(1468350001.542:219): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:00:01 2016
type=USER_AVC msg=audit(1468350001.594:231): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:00:01 2016
type=USER_AVC msg=audit(1468350001.595:232): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:15:01 2016
type=USER_AVC msg=audit(1468350901.619:251): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:15:01 2016
type=USER_AVC msg=audit(1468350901.638:252): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:15:01 2016
type=USER_AVC msg=audit(1468350901.639:253): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:15:01 2016
type=USER_AVC msg=audit(1468350901.643:254): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:15:01 2016
type=USER_AVC msg=audit(1468350901.693:266): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:15:01 2016
type=USER_AVC msg=audit(1468350901.693:267): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:19:17 2016
type=USER_AVC msg=audit(1468351157.468:272): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:19:17 2016
type=USER_AVC msg=audit(1468351157.469:273): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:30:01 2016
type=USER_AVC msg=audit(1468351801.705:283): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:30:01 2016
type=USER_AVC msg=audit(1468351801.706:284): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:30:01 2016
type=USER_AVC msg=audit(1468351801.724:285): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:30:01 2016
type=USER_AVC msg=audit(1468351801.729:286): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:30:01 2016
type=USER_AVC msg=audit(1468351801.771:298): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:30:01 2016
type=USER_AVC msg=audit(1468351801.771:299): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:45:01 2016
type=USER_AVC msg=audit(1468352701.788:307): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:45:01 2016
type=USER_AVC msg=audit(1468352701.788:308): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:45:01 2016
type=USER_AVC msg=audit(1468352701.803:309): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:45:01 2016
type=USER_AVC msg=audit(1468352701.807:310): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:45:01 2016
type=USER_AVC msg=audit(1468352701.844:322): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Jul 12 21:45:01 2016
type=USER_AVC msg=audit(1468352701.844:323): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Comment 25 Raphael Groner 2016-12-09 15:46:48 EST
Ping? Any news here?
Comment 26 Lukas Vrabec 2016-12-14 10:25:24 EST
Raphael, 

Do you have the latest selinux-policy package installed? 

It looks that all AVC are fixed.
Comment 27 Raphael Groner 2016-12-27 13:48:34 EST
My apologise for the delay of an answer. Because of lack of time, I must postpone the verification with latest selinux-policy package.
Comment 28 Raphael Groner 2017-01-31 19:23:11 EST
See also bug 1404667.

I'm thinking about orphaning xlogin because really lack of free time to actively maintain it.

Note You need to log in before you can comment on or make changes to this bug.