# grep den /var/log/audit/audit.log type=AVC msg=audit(1189100042.312:9): avc: denied { read write } for pid=2355 comm="ssh-keygen" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file type=AVC msg=audit(1189100043.427:10): avc: denied { read write } for pid=2359 comm="ssh-keygen" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file type=AVC msg=audit(1189100044.552:11): avc: denied { read write } for pid=2363 comm="ssh-keygen" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file type=AVC msg=audit(1189100055.391:12): avc: denied { unix_read unix_write } for pid=1495 comm="Xorg" key=0 scontext=system_u:system_r:xdm_xserver_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=shm type=AVC msg=audit(1189100093.657:14): avc: denied { unix_read unix_write } for pid=1495 comm="Xorg" key=0 scontext=system_u:system_r:xdm_xserver_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=shm This is on a fresh install of f8test2 rc1 (rawhide 20070906) a default install and a run through firstboot including creating a user. # audit2allow < /var/log/audit/audit.log #============= ssh_keygen_t ============== allow ssh_keygen_t rhgb_devpts_t:chr_file { read write }; #============= xdm_xserver_t ============== allow xdm_xserver_t firstboot_t:shm { unix_read unix_write };
Fixed in selinux-policy-3.0.7-5.fc8
Confirmed.