Summary: SELinux is preventing kdm_greet (xdm_t) "write" to ./kde.desktop (usr_t). Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by kdm_greet. It is not expected that this access is required by kdm_greet and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./kde.desktop, restorecon -v './kde.desktop' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:usr_t:s0 Target Objects ./kde.desktop [ file ] Source kdm_greet Source Path /usr/libexec/kde4/kdm_greet Port <Unknown> Host tigger3 Source RPM Packages kdebase-workspace-4.0.3-15.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-35.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall_file Host Name tigger3 Platform Linux tigger3 2.6.25-1.fc9.i686 #1 SMP Thu Apr 17 01:47:10 EDT 2008 i686 i686 Alert Count 3 First Seen Sat 19 Apr 2008 06:46:32 BST Last Seen Mon 21 Apr 2008 18:19:14 BST Local ID 871cc483-e85e-4967-b9dd-f43a07e74faf Line Numbers Raw Audit Messages host=tigger3 type=AVC msg=audit(1208798354.578:8): avc: denied { write } for pid=2215 comm="kdm_greet" name="kde.desktop" dev=sda1 ino=426732 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file host=tigger3 type=SYSCALL msg=audit(1208798354.578:8): arch=40000003 syscall=33 success=yes exit=0 a0=9d0ea20 a1=2 a2=2236290 a3=9d0ea10 items=0 ppid=2211 pid=2215 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kdm_greet" exe="/usr/libexec/kde4/kdm_greet" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Summary: SELinux is preventing kdm_greet (xdm_t) "write" to ./kde.desktop (usr_t). Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by kdm_greet. It is not expected that this access is required by kdm_greet and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./kde.desktop, restorecon -v './kde.desktop' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:usr_t:s0 Target Objects ./kde.desktop [ file ] Source kdm_greet Source Path /usr/libexec/kde4/kdm_greet Port <Unknown> Host tigger3 Source RPM Packages kdebase-workspace-4.0.3-15.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-35.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall_file Host Name tigger3 Platform Linux tigger3 2.6.25-1.fc9.i686 #1 SMP Thu Apr 17 01:47:10 EDT 2008 i686 i686 Alert Count 3 First Seen Sat 19 Apr 2008 06:46:32 BST Last Seen Mon 21 Apr 2008 18:19:14 BST Local ID 871cc483-e85e-4967-b9dd-f43a07e74faf Line Numbers Raw Audit Messages host=tigger3 type=AVC msg=audit(1208798354.578:8): avc: denied { write } for pid=2215 comm="kdm_greet" name="kde.desktop" dev=sda1 ino=426732 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file host=tigger3 type=SYSCALL msg=audit(1208798354.578:8): arch=40000003 syscall=33 success=yes exit=0 a0=9d0ea20 a1=2 a2=2236290 a3=9d0ea10 items=0 ppid=2211 pid=2215 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kdm_greet" exe="/usr/libexec/kde4/kdm_greet" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
Fixed in selinux-policy-3.3.1-37.fc9.noarch