Bug 440540 - SELinux vs xdm_t - deathmatch!
SELinux vs xdm_t - deathmatch!
Status: CLOSED DUPLICATE of bug 431535
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
rawhide
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-03 17:41 EDT by Linus Torvalds
Modified: 2008-04-04 17:03 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-04 17:03:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Linus Torvalds 2008-04-03 17:41:42 EDT
Description of problem:

When ssh'ing into a machine where I have also a desktop session going, SELinux
gives really annoying warning messages on the console (and wakes up the screen
saver).

I get some annoying popup about "SELinux: AVC denial, click to view".

setroubleshoot says:
  "SELinux is preventing sshd (sshd_t) "link" to <Unknown> (xdm_t)"
and
  "SELinux is preventing sshd (sshd_t) "search" to <Unknown> (xdm_t)"

Version-Release number of selected component (if applicable):

openssh-*          4.7p1-9.fc9
selinux-policy-*   3.3.1-26.fc9

How reproducible:

100%. Pretty bog-standard Fedora9 install.

Steps to Reproduce:
1. Log in on console
2. Log in remotely using ssh.
3. Irritation
  
Actual results:

Stupid and irritating warning, and screensaver stops.

Expected results:

No idiotic warnings, pretty swirling screensaver goes on.

Additional info:

Yeah, I realize I can just disable selinux, and I guess I will, but with these
kinds of issues I cannot imagine that anybody actually ever keeps it enabled in
the first place.
Comment 1 Daniel Walsh 2008-04-04 16:58:05 EDT
This is a bug in the kernel where keyrings are being created on every setuid
call,  These are then labeled incorrectly and cause SELinux to put out the
message,  now we can either cover up the bug or leave the errors being reported
until they are cleaned up.

Comment 2 Daniel Walsh 2008-04-04 17:03:35 EDT

*** This bug has been marked as a duplicate of 431535 ***

Note You need to log in before you can comment on or make changes to this bug.