Description of problem:

Some SELinux errors I'm receiving:

SELinux is preventing /usr/bin/Xorg (xdm_xserver_t) "read" to (initrc_t).

Source Context: system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
Target Context: system_u:system_r:initrc_t:s0
Target Objects: None [ shm ]
Affected RPM Packages: xorg-x11-server-Xorg-1.3.0.0-30.fc8 [application]
Policy RPM: selinux-policy-3.0.8-22.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.23-6.fc8 #1 SMP Thu Oct 11 13:36:39 EDT 2007 x86_64 x86_64
Alert Count: 2
First Seen: Út 16. říjen 2007, 11:06:52 CEST
Last Seen: Út 16. říjen 2007, 15:47:06 CEST
Local ID: 672ef70c-49e6-48bf-a652-527afde4ec6d
Line Numbers:

Raw Audit Messages :

avc: denied { read } for comm=X egid=0 euid=0 exe=/usr/bin/Xorg exit=-1023295488 fsgid=0 fsuid=0 gid=0 items=0 pid=2842 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 suid=0 tclass=shm tcontext=system_u:system_r:initrc_t:s0 tty=tty7 uid=0

---------------------------------------

SELinux is preventing X (xdm_xserver_t) "getattr associate" to (initrc_t).

Source Context: system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
Target Context: system_u:system_r:initrc_t:s0
Target Objects: None [ shm ]
Affected RPM Packages:
Policy RPM: selinux-policy-3.0.8-22.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.23-6.fc8 #1 SMP Thu Oct 11 13:36:39 EDT 2007 x86_64 x86_64
Alert Count: 4
First Seen: Čt 11. říjen 2007, 12:30:17 CEST
Last Seen: Út 16. říjen 2007, 11:29:19 CEST
Local ID: 843413c5-ed24-4e2a-9b70-7372ca512a5c
Line Numbers:

Raw Audit Messages :

avc: denied { getattr associate } for comm=X pid=2842 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=shm tcontext=system_u:system_r:initrc_t:s0

-------------------------------------------------

SELinux is preventing X (xdm_xserver_t) "unix_read" to (initrc_t).

Source Context: system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
Target Context: system_u:system_r:initrc_t:s0
Target Objects: None [ shm ]
Affected RPM Packages:
Policy RPM: selinux-policy-3.0.8-22.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.23-6.fc8 #1 SMP Thu Oct 11 13:36:39 EDT 2007 x86_64 x86_64
Alert Count: 15
First Seen: Út 9. říjen 2007, 15:56:52 CEST
Last Seen: Út 16. říjen 2007, 11:29:19 CEST
Local ID: 0bc6e292-1c50-45a5-8bee-6b2bc28966c5
Line Numbers:

Raw Audit Messages :

avc: denied { unix_read } for comm=X pid=2842 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=shm tcontext=system_u:system_r:initrc_t:s0

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Which process on your machine is running as initrc_t?

ps -eZ | grep initrc_t
[root@]# ps -eZ | grep initrc_t
system_u:system_r:initrc_t:s0 2265 ? 00:00:01 vmware-serverd
system_u:system_r:initrc_t:s0 2356 ? 00:00:00 nasd
system_u:system_r:initrc_t:s0 2534 ? 00:00:00 libvirtd
system_u:system_r:initrc_t:s0 4390 ? 00:00:03 vmware-vmx
What is the path to vmware-serverd and vmware-vmx?

If you run

chcon -t vmware_exec_t vmware-serverd vmware-vmx

do things work better?
/usr/sbin/vmware-serverd
/usr/lib/vmware/bin/vmware-vmx

And I'll watch whether the messages disappear after the chcon command.
Fixed vmware context in selinux-policy-3.0.8-24.fc8.src.rpm
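Added example (not part of the original bug thread, and not code from the SELinux tools): a small Python parser that groups AVC denials such as the three reported above by source type, target type and object class, and points out target types that suggest a program without its own policy domain, which is the question the `ps -eZ | grep initrc_t` step answers. The sample records are trimmed copies of the ones in the report; the function names and the `GENERIC_DOMAINS` set are assumptions made for this example.

```python
import re
from collections import defaultdict

# AVC records from the report above, trimmed to the fields used here.
SAMPLE_AVCS = """\
avc: denied { read } for comm=X exe=/usr/bin/Xorg pid=2842 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=shm tcontext=system_u:system_r:initrc_t:s0
avc: denied { getattr associate } for comm=X pid=2842 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=shm tcontext=system_u:system_r:initrc_t:s0
avc: denied { unix_read } for comm=X pid=2842 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=shm tcontext=system_u:system_r:initrc_t:s0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
# Types that usually mean the program has no dedicated domain of its own.
# (Assumption for this example; adjust to the policy in use.)
GENERIC_DOMAINS = {"initrc_t", "unconfined_t"}


def selinux_type(context):
    """Return the type field (third part) of user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def summarize(log_text):
    """Group denials by (source type, target type, class), merging permissions."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
        src = selinux_type(fields.get("scontext", ""))
        tgt = selinux_type(fields.get("tcontext", ""))
        if src and tgt and "tclass" in fields:
            merged[(src, tgt, fields["tclass"])].update(m.group(1).split())
    return dict(merged)


def generic_targets(summary):
    """Target types to look up with `ps -eZ` before considering any allow rule."""
    return sorted({tgt for (_, tgt, _) in summary if tgt in GENERIC_DOMAINS})


if __name__ == "__main__":
    summary = summarize(SAMPLE_AVCS)
    for (src, tgt, cls), perms in sorted(summary.items()):
        print(f"{src} -> {tgt} [{cls}]: {' '.join(sorted(perms))}")
    for tgt in generic_targets(summary):
        print(f"target runs as {tgt}: check `ps -eZ | grep {tgt}`")
```
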
Created attachment 232391
setroubleshoot output after reboot

Hi,

Actually, after today's update & reboot I'm getting many more SELinux errors than I used to get before this update. See the attached log file - I guess it's more readable than copying them here one by one.
Please attach audit.log. We are investigating other problems.
Bulk closing all bugs in Fedora updates in the modified state. If your bug is not fixed, please reopen.