Red Hat Bugzilla – Bug 396251
SELinux is preventing the /usr/libexec/ck-get-x11-server-pid from using potentially mislabeled files ().
Last modified: 2007-12-01 22:43:47 EST
Description of problem: Mislabeled files even after relabeling the system from runlevel 1 and in permissive mode Version-Release number of selected component (if applicable): ConsoleKit-x11-0.2.3-2.fc9 [application] How reproducible: remove package, reinstall and relabel filesystem. Steps to Reproduce: 1. remove rpm 2. reinstall rpm 3. relabel filesystem Actual results: error persists Expected results: error to be resolved with relabel Additional info: Summary SELinux is preventing the /usr/libexec/ck-get-x11-server-pid from using potentially mislabeled files (<Unknown>). Detailed Description SELinux has denied /usr/libexec/ck-get-x11-server-pid access to potentially mislabeled file(s) (<Unknown>). This means that SELinux will not allow /usr/libexec/ck-get-x11-server-pid to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access If you want /usr/libexec/ck-get-x11-server-pid to access this files, you need to relabel them using restorecon -v <Unknown>. You might want to relabel the entire directory using restorecon -R -v <Unknown>. Additional Information Source Context system_u:system_r:consolekit_t Target Context system_u:object_r:user_home_t Target Objects None [ file ] Affected RPM Packages ConsoleKit-x11-0.2.3-2.fc9 [application] Policy RPM selinux-policy-3.0.8-44.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.home_tmp_bad_labels Host Name HP-JCF7 Platform Linux HP-JCF7 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 athlon Alert Count 1 First Seen Thu 22 Nov 2007 09:11:45 PM EST Last Seen Thu 22 Nov 2007 09:11:45 PM EST Local ID 4066ed7e-e886-4fa8-b18e-c5b83d1faa41 Line Numbers Raw Audit Messages avc: denied { read } for comm=ck-get-x11-serv dev=sda2 egid=500 euid=500 exe=/usr/libexec/ck-get-x11-server-pid exit=-13 fsgid=500 fsuid=500 gid=500 items=0 name=.Xauthority pid=2502 scontext=system_u:system_r:consolekit_t:s0 sgid=500 subj=system_u:system_r:consolekit_t:s0 suid=500 tclass=file tcontext=system_u:object_r:user_home_t:s0 tty=(none) uid=500
Please file SELinux bugs against the correct component.
Fixed in selinux-policy-3.0.8-62.fc8
The last occurrence of this error was in runlevel 3 which only happened when running startx. The error is no longer present. Closing bug as resolved. Thanks!