Bug 390731 - Slew of selinux gdm errors
Summary: Slew of selinux gdm errors
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 8
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-19 17:30 UTC by Need Real Name
Modified: 2008-01-15 18:58 UTC (History)
0 users

Fixed In Version: selinux-policy-3.0.8-57.fc8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-15 18:58:52 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Need Real Name 2007-11-19 17:30:46 UTC 
In my fresh & clean f8 install, I get a slew of selinux errors related 'gdm'
both during startup and at intervals thereafter.

Here is a list of them (after piping through sort and uniq):

avc:  denied  { getattr } comm="gdm" path="/bin/rpm" dev=sda7 ino=1035336
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm" path="/usr/bin/cancel.cups" dev=sda7
ino=1380622 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:lpr_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm" path="/usr/bin/cvs" dev=sda7 ino=1378511
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:cvs_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm" path="/usr/bin/mplayer" dev=sda7
ino=1368339 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:mplayer_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm" path="/usr/bin/rsync" dev=sda7 ino=1379578
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:rsync_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm" path="/usr/bin/screen" dev=sda7 ino=1366280
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:screen_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm" path="/usr/bin/ssh" dev=sda7 ino=1382080
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm" path="/usr/bin/yum" dev=sda7 ino=1382847
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm"
path="/usr/lib/jvm/java-1.7.0-icedtea-1.7.0.0/jre/bin/java" dev=sda7 ino=1781548
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:java_exec_t:s0 tclass=file
avc:  denied  { getattr } comm="gdm-binary" path="/root2" dev=sda7 ino=1164699
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:default_t:s0 tclass=dir
avc:  denied  { signal } comm="gdm-binary"
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:system_r:mono_t:s0 tclass=process
Comment 1 Daniel Walsh 2007-11-19 18:31:47 UTC 
If you 

chcon -t bin_t /usr/sbin/gdm

And then restart gdm, do you still get these avc messages?

This fix is in selinux-policy-3.0.8-57.fc8
Comment 2 Need Real Name 2007-11-29 04:49:37 UTC 
The latest policy, indeed seems to have fixed it. Thanks.
Comment 3 Need Real Name 2008-01-15 18:42:43 UTC 
Can we close this bug since seems to be fixed...
Note You need to log in before you can comment on or make changes to this bug.