Bug 375061 - SELinux is preventing X (xdm_xserver_t) "rmdir" to (device_t).
Summary: SELinux is preventing X (xdm_xserver_t) "rmdir" to (device_t).
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 8
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2007-11-10 21:28 UTC by Konstantin Svist
Modified: 2008-11-26 17:36 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2008-11-26 17:36:51 UTC

Attachments (Terms of Use)

Description Konstantin Svist 2007-11-10 21:28:06 UTC
Description of problem:

Filing against setroubleshoot because package name is not specified in
setroubleshoot message.

Receiving the following message in setroubleshoot:

    SELinux is preventing X (xdm_xserver_t) "rmdir" to <Unknown> (device_t).

Detailed Description
    SELinux denied access requested by X. It is not expected that this access is
    required by X and this access may signal an intrusion attempt. It is also
    possible that the specific version or configuration of the application is
    causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for <Unknown>, restorecon -v
    <Unknown> If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
Target Context                system_u:object_r:device_t:s0
Target Objects                None [ dir ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.0.8-44.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     mireille
Platform                      Linux mireille #1 SMP Tue Oct 30
                              13:55:12 EDT 2007 i686 i686
Alert Count                   1
First Seen                    Sat 10 Nov 2007 03:47:16 AM PST
Last Seen                     Sat 10 Nov 2007 03:47:16 AM PST
Local ID                      2dd86f90-5c16-44ab-9b88-18a2aaff0a5e
Line Numbers                  

Raw Audit Messages            

avc: denied { rmdir } for comm=X dev=tmpfs name=dri pid=3018
scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tclass=dir

Comment 1 Daniel Walsh 2007-11-12 21:38:28 UTC
Fixed in selinux-policy-3.0.8-53.fc8

Comment 2 Bug Zapper 2008-11-26 08:17:56 UTC
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 

Comment 3 Jon Stanley 2008-11-26 17:36:51 UTC
As this bug is in MODIFIED, Fedora believes that a fix has been committed that resolves the problem listed in this bug report.

If this is not the case, please re-open this report, noting the version of the package that you reproduced the bug against.

Thanks for the report!

Note You need to log in before you can comment on or make changes to this bug.