Description of problem: I am getting this error in both runlevel 3 and runlevel 5 SELinux is preventing the /sbin/pam_timestamp_check from using potentially mislabeled files (/home/jim/.xsession-errors). Version-Release number of selected component (if applicable): kernel-2.6.23.8-63.fc8 How reproducible: Login either runlevel 3 or 5 to use gnome Steps to Reproduce: 1. login rl3 or rl5 2. load gnome 3. review troubleshooter for errors Actual results: See error in browser Expected results: See no problem with timestamps for files Additional info: Refer to attached report for error.
Created attachment 279191 [details] .xsession timestamp error
Either pam_panel_icon must use G_SPAWN_STDERR_TO_DEV_NULL when spawning pam_timestamp_check or this must be allowed in policy. pam_timestamp_check can write some error messages to stderr but I am not sure that enabling it to append to user_home_t is worth it.
Fixed in selinux-policy-3.0.8-66.fc8 You can ignore for now.
Dan, (In reply to comment #3) > You can ignore for now. "For now"? Long term, what do you think we should do? If the policy lets pam_timestamp_check write to ~/.xsession-errors, then I'd prefer not redirecting stderr and letting pam_timestamp_check write error messages there. Or is the change only temporary, until usermode is changed?
I think you should continue doing what you do. pam_timestamp... should be allowed to write to .xsession-errors.
This error no longer shows up in the logs with selinux-policy-3.2.5-3.fc9 installed. Closing bug ticket.