Description of problem:
I decided to start using SELinux on my laptop but it prevents execution of my favourite desktop

Version-Release number of selected component (if applicable):
# rpm -qa |grep selinux-policy
selinux-policy-3.3.1-78.fc9.noarch
selinux-policy-targeted-3.3.1-78.fc9.noarch

How reproducible:
always

Steps to Reproduce:
# cat /etc/sysconfig/desktop
DISPLAYMANAGER=XDM
PREFERRED=/usr/bin/startfluxbox

and then try to log into your desktop

Actual results:
fails due to missing TE rules

Expected results:
successful login

Additional info:
I will attach a commented file with AVC denials
Created attachment 311949
AVC denials
/etc/X11/xdm/authdir/authfiles directory should be writable (file "A:0-EQRIz0" is created in this case)

I have no idea what these files are, none of these files/directories exist when I install fluxbox? They are in a horrible location. Variable files should be in /var/run/fluxbox? /var/lib/fluxbox?

If this is authorization data, you could choose:

/var/lib/abl(/.*)?          system_u:object_r:var_auth_t:s0
/var/run/xauth(/.*)?        system_u:object_r:xdm_var_run_t:s0
/var/lib/pam_ssh(/.*)?      system_u:object_r:var_auth_t:s0
/var/run/pam_ssh(/.*)?      system_u:object_r:var_auth_t:s0
/var/run/saslauthd(/.*)?    system_u:object_r:saslauthd_var_run_t:s0
/var/cache/coolkey(/.*)?    system_u:object_r:auth_cache_t:s0

Or create a new one.

/var/log/[kw]dm\.log.*              --  system_u:object_r:xserver_log_t:s0
/var/log/gdm(/.*)?                      system_u:object_r:xserver_log_t:s0
/var/log/Xorg.*                     --  system_u:object_r:xserver_log_t:s0
/var/log/XFree86.*                  --  system_u:object_r:xserver_log_t:s0
/var/log/nvidia-installer\.log.*    --  system_u:object_r:xserver_log_t:s0

xserver log should match one of these I would think? /var/log/Xorg.0.log seems to be the way gdm does it.

What pam module does fluxbox use? Does it include pam_selinux?
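Added example, not part of the original comment or of the SELinux tooling: a small Python matcher that applies the file-context entries quoted above to a path, to show which of the suggested locations would pick up a label from this list. It assumes whole-path anchored regex matching and the `--`/`-d` file-type field, and does not model precedence between several matching entries; the function names and the sample `/var/run/xauth/A:0-EQRIz0` path are hypothetical.

```python
import re

# File-context entries quoted in the comment above: path regex, optional
# file-type field ("--" regular file, "-d" directory), security context.
FILE_CONTEXTS = r"""
/var/lib/abl(/.*)?                      system_u:object_r:var_auth_t:s0
/var/run/xauth(/.*)?                    system_u:object_r:xdm_var_run_t:s0
/var/lib/pam_ssh(/.*)?                  system_u:object_r:var_auth_t:s0
/var/run/pam_ssh(/.*)?                  system_u:object_r:var_auth_t:s0
/var/run/saslauthd(/.*)?                system_u:object_r:saslauthd_var_run_t:s0
/var/cache/coolkey(/.*)?                system_u:object_r:auth_cache_t:s0
/var/log/[kw]dm\.log.*              --  system_u:object_r:xserver_log_t:s0
/var/log/gdm(/.*)?                      system_u:object_r:xserver_log_t:s0
/var/log/Xorg.*                     --  system_u:object_r:xserver_log_t:s0
/var/log/XFree86.*                  --  system_u:object_r:xserver_log_t:s0
/var/log/nvidia-installer\.log.*    --  system_u:object_r:xserver_log_t:s0
"""

def parse_entries(text):
    """Split each entry into (compiled regex, file-type or None, context)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:
            regex, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3:
            regex, ftype, context = fields
        else:
            raise ValueError("unexpected file-context line: " + line)
        entries.append((re.compile(regex), ftype, context))
    return entries

def types_for(path, ftype="--", entries=None):
    """Return the SELinux types of every listed entry that matches path."""
    entries = parse_entries(FILE_CONTEXTS) if entries is None else entries
    hits = []
    for regex, want, context in entries:
        # The regex must cover the whole path; an entry without a
        # file-type field applies to any kind of file.
        if regex.fullmatch(path) and want in (None, ftype):
            hits.append(context.split(":")[2])
    return hits

if __name__ == "__main__":
    for p in ("/var/log/Xorg.0.log",
              "/etc/X11/xdm/authdir/authfiles/A:0-EQRIz0",
              "/var/run/xauth/A:0-EQRIz0"):  # hypothetical relocated path
        print(p, types_for(p) or "no entry in this list")
```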
Moving to proper component
*** This bug has been marked as a duplicate of 388431 ***