Bug 440540 - SELinux vs xdm_t - deathmatch!
Summary: SELinux vs xdm_t - deathmatch!
Keywords:
Status: CLOSED DUPLICATE of bug 431535
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-03 21:41 UTC by Linus Torvalds
Modified: 2008-04-04 21:03 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-04-04 21:03:35 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Linus Torvalds 2008-04-03 21:41:42 UTC
Description of problem:

When ssh'ing into a machine where I have also a desktop session going, SELinux
gives really annoying warning messages on the console (and wakes up the screen
saver).

I get some annoying popup about "SELinux: AVC denial, click to view".

setroubleshoot says:
  "SELinux is preventing sshd (sshd_t) "link" to <Unknown> (xdm_t)"
and
  "SELinux is preventing sshd (sshd_t) "search" to <Unknown> (xdm_t)"

Version-Release number of selected component (if applicable):

openssh-*          4.7p1-9.fc9
selinux-policy-*   3.3.1-26.fc9

How reproducible:

100%. Pretty bog-standard Fedora9 install.

Steps to Reproduce:
1. Log in on console
2. Log in remotely using ssh.
3. Irritation
  
Actual results:

Stupid and irritating warning, and screensaver stops.

Expected results:

No idiotic warnings, pretty swirling screensaver goes on.

Additional info:

Yeah, I realize I can just disable selinux, and I guess I will, but with these
kinds of issues I cannot imagine that anybody actually ever keeps it enabled in
the first place.

Comment 1 Daniel Walsh 2008-04-04 20:58:05 UTC
This is a bug in the kernel where keyrings are being created on every setuid
call,  These are then labeled incorrectly and cause SELinux to put out the
message,  now we can either cover up the bug or leave the errors being reported
until they are cleaned up.



Comment 2 Daniel Walsh 2008-04-04 21:03:35 UTC

*** This bug has been marked as a duplicate of 431535 ***


Note You need to log in before you can comment on or make changes to this bug.