From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4

Description of problem:
Running strict/permissive, I get this:

May 25 06:19:54 fedora gdm(pam_unix)[2695]: session opened for user tbl by (uid=0)
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { write } for pid=2739 comm="ainit" name=pcm dev=hda2 ino=4524122 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { add_name } for pid=2739 comm="ainit" name=dmix.conf scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { create } for pid=2739 comm="ainit" name=dmix.conf scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
May 25 06:19:54 fedora kernel: audit(1117027194.340:0): avc: denied { write } for pid=2739 comm="ainit" name=dmix.conf dev=hda2 ino=4522361 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
May 25 06:19:56 fedora gconfd (tbl-2801): starting (version 2.10.0), pid 2801 user 'tbl'

So it looks like xdm wants to really create/write this....

Logging out does this:

May 25 06:24:54 fedora gconfd (tbl-2801): Exiting
May 25 06:24:54 fedora gdm(pam_unix)[2695]: session closed for user tbl
May 25 06:24:54 fedora kernel: audit(1117027494.313:0): avc: denied { write } for pid=3184 comm="ainit" name=pcm dev=hda2 ino=4524122 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:24:54 fedora kernel: audit(1117027494.313:0): avc: denied { remove_name } for pid=3184 comm="ainit" name=dmix.conf.lock dev=hda2 ino=4522777 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:24:54 fedora kernel: audit(1117027494.313:0): avc: denied { unlink } for pid=3184 comm="ainit" name=dmix.conf.lock dev=hda2 ino=4522777 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
May 25 06:24:54 fedora kernel: audit(1117027494.349:0): avc: denied { unix_read unix_write } for pid=3184 comm="ainit" key=1947154681 scontext=system_u:system_r:xdm_t tcontext=tbl:staff_r:staff_t tclass=shm
May 25 06:24:54 fedora kernel: audit(1117027494.349:0): avc: denied { associate } for pid=3184 comm="ainit" key=1947154681 scontext=system_u:system_r:xdm_t tcontext=tbl:staff_r:staff_t tclass=shm
May 25 06:24:54 fedora kernel: audit(1117027494.349:0): avc: denied { destroy } for pid=3184 comm="ainit" key=1947154681 scontext=system_u:system_r:xdm_t tcontext=tbl:staff_r:staff_t tclass=shm

Version-Release number of selected component (if applicable):
selinux-policy-strict-1.23.16-6

How reproducible:
Always

Steps to Reproduce:
1. Need policy...
2.
3.

Additional info:
Adding alsa/ainit policy in selinux-policy-strict-1.23.18-2
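
Added example, not part of the original report or of the selinux-policy project: a small Python triage script that parses AVC denial lines like the ones above and groups them by source type, target type and object class, so a reviewer can see at a glance what ainit was denied while running in xdm_t. The function names (parse_avc, summarize, render) are hypothetical, and the sample is a subset of the report's lines with the syslog prefix trimmed.

```python
import re
from collections import defaultdict

# Subset of the denials from the report above, syslog prefix trimmed, plus one non-AVC line.
SAMPLE = """\
audit(1117027194.325:0): avc: denied { write } for pid=2739 comm="ainit" name=pcm dev=hda2 ino=4524122 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
audit(1117027194.325:0): avc: denied { add_name } for pid=2739 comm="ainit" name=dmix.conf scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
audit(1117027194.325:0): avc: denied { create } for pid=2739 comm="ainit" name=dmix.conf scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
audit(1117027494.349:0): avc: denied { unix_read unix_write } for pid=3184 comm="ainit" key=1947154681 scontext=system_u:system_r:xdm_t tcontext=tbl:staff_r:staff_t tclass=shm
gdm(pam_unix)[2695]: session closed for user tbl
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial plus its permission list, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None  # not an AVC denial (e.g. gdm/gconfd messages)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: cannot be attributed to a type pair
    fields["perms"] = m.group("perms").split()
    return fields

def summarize(text):
    """Group denials by (source type, target type, class); type is field 3 of user:role:type."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "names": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2], rec["tclass"])
        g = groups[key]
        g["perms"].update(rec["perms"])
        g["comms"].add(rec.get("comm", "?"))
        if "name" in rec:  # shm denials carry key= instead of name=
            g["names"].add(rec["name"])
    return dict(groups)

def render(groups):
    """One review line per type pair and class, permissions sorted for stable diffs."""
    return [f"{s} -> {t}:{c} {{ {' '.join(sorted(g['perms']))} }} comm={','.join(sorted(g['comms']))}"
            for (s, t, c), g in sorted(groups.items())]

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE))))
```

The grouped output describes the access that was denied, not the change that was shipped; the fix noted above was a dedicated alsa/ainit policy.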