Bug 444478 - SELinux prevents gdm-session-worker from accessing .dmrc
SELinux prevents gdm-session-worker from accessing .dmrc
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: gdm (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: jmccann
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-28 11:48 EDT by Andrew McNabb
Modified: 2015-01-14 18:21 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-28 15:28:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew McNabb 2008-04-28 11:48:38 EDT
I'm testing Fedora 9 Preview.  GDM can't read or write ~/.dmrc, so it can't
remember which session a user chose.  SELinux is preventing gdm-session-worker
from accessing the .dmrc file.  I haven't modified the default SELinux settings
in any way.

Here's a message from /var/log/messages:

Apr 28 09:41:57 maude gdm-session-worker[4805]: WARNING: unable to log session
Apr 28 09:41:57 maude gdm-session-worker[4805]: WARNING: could not save session 
and language settings: Failed to create file '/home/amcnabb/.dmrc.KK2CAU': Permi
ssion denied
Apr 28 09:41:57 maude setroubleshoot: SELinux is preventing gdm-session-wor (xdm
_t) "read append" to ./.xsession-errors (home_root_t). For complete SELinux mess
ages. run sealert -l b122017e-c4ff-4f51-8450-7ef8eb39c2f7
Apr 28 09:41:57 maude setroubleshoot: SELinux is preventing gdm-session-wor (xdm
_t) "write" to ./amcnabb (home_root_t). For complete SELinux messages. run seale
rt -l 43593f8b-7503-4ef2-9242-dfec108f4a77
Apr 28 09:41:57 maude setroubleshoot: SELinux is preventing gdm-session-wor (xdm
_t) "read" to .dmrc (home_root_t). For complete SELinux messages. run sealert -l
 633b3fc7-225e-44d8-acc2-d04ff8401df1
Apr 28 09:41:57 maude setroubleshoot: SELinux is preventing gdm-session-wor (xdm
_t) "write" to ./amcnabb (home_root_t). For complete SELinux messages. run seale
rt -l 43593f8b-7503-4ef2-9242-dfec108f4a77


Thanks.
Comment 1 Daniel Walsh 2008-04-28 15:28:15 EDT
The problem here is the labeling on amcnabb is wrong.

restorecon -R -v /home 

Should fix.

Did you just create this directory by hand?


Comment 2 Andrew McNabb 2008-04-28 15:33:07 EDT
It was restored from a tarball, which seems like a pretty normal thing to do. 
If selinux can't deal with that, it really seems like a problem.
Comment 3 Daniel Walsh 2008-04-28 15:40:37 EDT
It can as long as you told your tar ball to contain xattrs.

man tar

...

 --selinux
              this option causes tar to store  each  file's  SELinux  security
              context information in the archive.

       --xattrs
              this  option causes tar to store each file's extended attributes
              in the archive. This option also enables --acls and--selinux  if
              they haven't been set already, due to the fact that the data for
              those are stored in special xattrs.


Note You need to log in before you can comment on or make changes to this bug.