Bug 407681 - SELinux is preventing gdm-simple-gree (xdm_t) "getattr" to (inotifyfs_t).
SELinux is preventing gdm-simple-gree (xdm_t) "getattr" to (inotifyfs_t).
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-12-02 00:20 EST by Jim Cornette
Modified: 2007-12-03 21:52 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-12-03 21:52:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jim Cornette 2007-12-02 00:20:24 EST
Description of problem:
errors in troubleshooter browser

Version-Release number of selected component (if applicable):

How reproducible:
Login with enforcing=0 with kernel-

Steps to Reproduce:
1. add enforcing=0 to boot stanza
2. login using gdm
3. start GNOME via gdm
Actual results:
errors in browser displayed

Expected results:
no errors of course. But since gdm is in bad shape, I am no surprised with errors.

Additional info:
    SELinux is preventing gdm-simple-gree (xdm_t) "getattr" to <Unknown>

Detailed Description
    SELinux denied access requested by gdm-simple-gree. It is not expected that
    this access is required by gdm-simple-gree and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for <Unknown>, restorecon -v
    <Unknown> If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context                system_u:object_r:inotifyfs_t
Target Objects                None [ dir ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.1.2-2.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.catchall_file
Host Name                     HP-JCF7
Platform                      Linux HP-JCF7 #1 SMP Thu Nov 8
                              21:41:26 EST 2007 i686 athlon
Alert Count                   1
First Seen                    Sat 01 Dec 2007 11:02:21 PM EST
Last Seen                     Sat 01 Dec 2007 11:02:21 PM EST
Local ID                      63e5b879-0fe1-4f27-a87f-25db72ecf0c8
Line Numbers                  

Raw Audit Messages            

avc: denied { getattr } for comm=gdm-simple-gree dev=inotifyfs path=inotify
pid=2428 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir
Comment 1 Daniel Walsh 2007-12-02 21:17:12 EST
Fixed in selinux-policy-3.2.1-2.fc9
Comment 2 Jim Cornette 2007-12-03 21:52:14 EST
confirmed. Closed as Fixed in Rawhide.

Note You need to log in before you can comment on or make changes to this bug.