Red Hat Bugzilla – Bug 413421
SELinux is preventing the /sbin/pam_timestamp_check from using potentially mislabeled files (~/.xsession-errors).
Last modified: 2007-12-21 23:57:20 EST
Description of problem:
I am getting this error in both runlevel 3 and runlevel 5:
SELinux is preventing the /sbin/pam_timestamp_check from using potentially
mislabeled files (/home/jim/.xsession-errors).
Version-Release number of selected component (if applicable):
Log in at either runlevel 3 or 5 to use GNOME
Steps to Reproduce:
1. Log in at rl3 or rl5
2. Load GNOME
3. Review troubleshooter for errors
See error in browser
See no problem with timestamps for files
Refer to attached report for error.
Created attachment 279191
.xsession timestamp error
Either pam_panel_icon must use G_SPAWN_STDERR_TO_DEV_NULL when spawning
pam_timestamp_check or this must be allowed in policy. pam_timestamp_check can
write some error messages to stderr but I am not sure that enabling it to append
to user_home_t is worth it.
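The first option in the comment above, as an added example that is not part of the bug thread or of usermode's code: a spawned helper inherits its parent's stderr, so its error output lands in the session's stderr file unless stderr is pointed at /dev/null before exec, which is the effect of G_SPAWN_STDERR_TO_DEV_NULL. The temp file standing in for ~/.xsession-errors and the `sh` helper standing in for pam_timestamp_check are assumptions of this sketch.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs a helper that writes one line to stderr while stderr is a file
 * standing in for ~/.xsession-errors (constructed path, not the real log).
 * Returns the number of bytes that reached that file, or -1 on error. */
long bytes_reaching_session_log(int stderr_to_dev_null)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/xsession-errors-demo.%ld", (long)getpid());
    int log_fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (log_fd < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(log_fd); unlink(path); return -1; }
    if (pid == 0) {
        /* The spawning process's situation: stderr is the session log. */
        dup2(log_fd, STDERR_FILENO);
        close(log_fd);
        if (stderr_to_dev_null) {
            /* Replace the inherited stderr before exec. */
            int null_fd = open("/dev/null", O_WRONLY);
            if (null_fd < 0) _exit(126);
            dup2(null_fd, STDERR_FILENO);
            close(null_fd);
        }
        /* Hypothetical helper: prints a 14-byte error line to stderr. */
        execl("/bin/sh", "sh", "-c", "echo 'helper: error' >&2", (char *)NULL);
        _exit(127);
    }
    int status;
    struct stat st;
    long n = -1;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
        WEXITSTATUS(status) == 0 && fstat(log_fd, &st) == 0)
        n = (long)st.st_size;
    close(log_fd);
    unlink(path);
    return n;
}

int main(void)
{
    printf("inherited stderr:    %ld bytes\n", bytes_reaching_session_log(0));
    printf("stderr to /dev/null: %ld bytes\n", bytes_reaching_session_log(1));
    return 0;
}
```

With the inherited descriptor, the write is performed by the helper's own process, which is why the denial is reported against the helper rather than against the program that spawned it.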
Fixed in selinux-policy-3.0.8-66.fc8
You can ignore for now.
(In reply to comment #3)
> You can ignore for now.
"For now"? Long term, what do you think we should do?
If the policy lets pam_timestamp_check write to ~/.xsession-errors, then I'd
prefer not redirecting stderr and letting pam_timestamp_check write error
Or is the change only temporary, until usermode is changed?
I think you should continue doing what you do. pam_timestamp... should be
allowed to write to .xsession-errors.
This error no longer shows up in the logs with selinux-policy-3.2.5-3.fc9
installed. Closing bug ticket.