Bug 356801 - SELinux prevents KDM login with NFS home directory
SELinux prevents KDM login with NFS home directory
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2007-10-29 11:56 EDT by Paul Black
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-30 06:37:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
/var/log/audit/audit.log (59.06 KB, application/octet-stream)
2007-10-29 11:56 EDT, Paul Black
no flags Details

  None (edit)
Description Paul Black 2007-10-29 11:56:13 EDT
Description of problem:
When logging in from KDM with user with NFS home directory, then login process
starts but before the KDE splash screen appears, KDM quits and goes back to the
KDM screen.

Version-Release number of selected component (if applicable):

How reproducible:
Every time.

Steps to Reproduce:
1. Set SELinux to Enforcing
2. Use KDM greeter
2. Login to KDE session with user who has NFS home directory (mounted through
Actual results:
KDM starts log in process but quits before KDE spash screen
syslog output:
kdm: :0[5394]: pam_unix(kdm:session): session opened for user paul by (uid=0)
kdm: :0[5469]: Can't update authorization file in home dir /home/paul
kdm: :0[5469]: Cannot chdir to paul's home /home/paul: Permission denied, using /
kdm: :0[5581]: Can't update authorization file in home dir /home/paul
kdm: :0[5394]: pam_unix(kdm:session): session closed for user paul

Expected results:
KDM shouldn't quit and user should be logged in.

Additional info:
Comment 1 Paul Black 2007-10-29 11:56:13 EDT
Created attachment 241971 [details]
Comment 2 Daniel Walsh 2007-10-29 22:04:33 EDT
I think the problem you are having is caused by your homedir "paul" being a
symlink, to another directory.

You can add policy to handle this , by executing 

# grep lnk_file /var/log/audit/audit.log | audit2allow -M mylogin
# semodule -i mylogin.pp

Another strange thing from this login is xdm looking at a lnk_file labeled
sysadm_home_t.  Looks like kdm is reading a file in /root.  Did you attempt to
login as root? /root/.kde/cache-vienna.oxsemi.com

Finally kdm seems to want to write to a bunch of files (*.desktop) labeled
usr_t?  Do you have any idea what is going on here?
Comment 3 Paul Black 2007-10-30 06:37:21 EDT
That sorted it. Cheers.

I'm not sure what the access to /root/.kde/cache-vienna.oxsemi.com is, I'm not
trying to log in as root.

Also not sure about the various .desktop files but they all seem to be in

Note You need to log in before you can comment on or make changes to this bug.