Bug 485326 - SELinux is preventing polkit-read-aut(polkit_auth_t) "write" to /var/log/gdm/:0-greeter.log (xserver_log_t)
SELinux is preventing polkit-read-aut(polkit_auth_t) "write" to /var/log/gdm/...
Status: CLOSED DUPLICATE of bug 480847
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-02-12 16:38 EST by Jeff Bastian
Modified: 2009-02-13 05:13 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-02-13 05:13:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jeff Bastian 2009-02-12 16:38:16 EST
Description of problem:
setroubleshoot has reported many instances of this error recently:
SELinux is preventing polkit-read-aut(polkit_auth_t) "write" to /var/log/gdm/:0-greeter.log (xserver_log_t)

Full sealart info is below under Additional Info

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. something in the background runs and setroubleshoot appears with above message
Actual results:
setroubleshoot appears

Expected results:
setroubleshoot doesn't interrupt me

Additional info:

SELinux is preventing polkit-read-aut (polkit_auth_t) "write" to
/var/log/gdm/:0-greeter.log (xserver_log_t).                    

Detailed Description:

SELinux denied access requested by polkit-read-aut. It is not expected that this
access is required by polkit-read-aut and this access may signal an intrusion   
attempt. It is also possible that the specific version or configuration of the  
application is causing it to require additional access.                         

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /var/log/gdm/:0-greeter.log,               

restorecon -v '/var/log/gdm/:0-greeter.log'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ  
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable   
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:polkit_auth_t:s0-s0:c0.c1023
Target Context                system_u:object_r:xserver_log_t:s0
Target Objects                /var/log/gdm/:0-greeter.log [ file ]
Source                        polkit-read-aut
Source Path                   /usr/libexec/polkit-read-auth-helper
Port                          <Unknown>
Host                          tarantula.localdomain
Source RPM Packages           PolicyKit-0.9-4.fc10
Target RPM Packages
Policy RPM                    selinux-policy-3.5.13-41.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     tarantula.localdomain
Platform                      Linux tarantula.localdomain
                     #1 SMP Wed Jan 21
                              01:33:24 EST 2009 x86_64 x86_64
Alert Count                   117
First Seen                    Mon Feb  2 09:40:11 2009
Last Seen                     Thu Feb 12 12:44:33 2009
Local ID                      7d7204ad-ba50-4e6d-875c-2bc4068a0032
Line Numbers

Raw Audit Messages

node=tarantula.localdomain type=AVC msg=audit(1234464273.644:11): avc:  denied{ write } for  pid=3045 comm="polkit-read-aut" path="/var/log/gdm/:0-greeter.log" dev=dm-1 ino=287490 scontext=system_u:system_r:polkit_auth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_log_t:s0 tclass=file

node=tarantula.localdomain type=SYSCALL msg=audit(1234464273.644:11): arch=c000003e syscall=59 success=yes exit=0 a0=39e3414c08 a1=7fffacca3bd0 a2=7fffacca4a68a3=8 items=0 ppid=3001 pid=3045 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=87 sgid=87 fsgid=87 tty=(none) ses=4294967295 comm="polkit-read-aut" exe="/usr/libexec/polkit-read-auth-helper" subj=system_u:system_r:polkit_auth_t:s0-s0:c0.c1023 key=(null)
Comment 1 Miroslav Grepl 2009-02-13 05:13:22 EST

*** This bug has been marked as a duplicate of bug 480847 ***

Note You need to log in before you can comment on or make changes to this bug.