Red Hat Bugzilla – Bug 440540
SELinux vs xdm_t - deathmatch!
Last modified: 2008-04-04 17:03:35 EDT
Description of problem:
When ssh'ing into a machine where I have also a desktop session going, SELinux
gives really annoying warning messages on the console (and wakes up the screen
I get some annoying popup about "SELinux: AVC denial, click to view".
"SELinux is preventing sshd (sshd_t) "link" to <Unknown> (xdm_t)"
"SELinux is preventing sshd (sshd_t) "search" to <Unknown> (xdm_t)"
Version-Release number of selected component (if applicable):
100%. Pretty bog-standard Fedora9 install.
Steps to Reproduce:
1. Log in on console
2. Log in remotely using ssh.
Stupid and irritating warning, and screensaver stops.
No idiotic warnings, pretty swirling screensaver goes on.
Yeah, I realize I can just disable selinux, and I guess I will, but with these
kinds of issues I cannot imagine that anybody actually ever keeps it enabled in
the first place.
This is a bug in the kernel where keyrings are being created on every setuid
call, These are then labeled incorrectly and cause SELinux to put out the
message, now we can either cover up the bug or leave the errors being reported
until they are cleaned up.
*** This bug has been marked as a duplicate of 431535 ***