Zusammenfassung: SELinux hindert load_policy (load_policy_t) "write" am Zugriff auf /home/simon/.xsession-errors (user_home_t). Detaillierte Beschreibung: SELinux denied access requested by load_policy. /home/simon/.xsession-errors may be a mislabeled. /home/simon/.xsession-errors default SELinux type is xdm_home_t, but its current type is user_home_t. Changing this file back to the default type, may fix your problem. File contexts can be assigned to a file in the following ways. * Files created in a directory receive the file context of the parent directory by default. * The SELinux policy might override the default label inherited from the parent directory by specifying a process running in context A which creates a file in a directory labeled B will instead create the file with label C. An example of this would be the dhcp client running with the dhclient_t type and creates a file in the directory /etc. This file would normally receive the etc_t type due to parental inheritance but instead the file is labeled with the net_conf_t type because the SELinux policy specifies this. * Users can change the file context on a file using tools such as chcon, or restorecon. This file could have been mislabeled either by user error, or if an normally confined application was run under the wrong domain. However, this might also indicate a bug in SELinux because the file should not have been labeled with this type. If you believe this is a bug, please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Zugriff erlauben: Sie können den Standarddateikontext für diese Datei wiederherstellen durch die Ausführung des restorecon-Befehls. restorecon '/home/simon/.xsession-errors', wenn diese Datei ein Verzeichnis ist, Sie können es auch rekursiv machen durch restorecon -R '/home/simon/.xsession-errors'. Fixer Befehl: restorecon '/home/simon/.xsession-errors' Zusätzliche Informationen: Quellkontext unconfined_u:system_r:load_policy_t:s0 Zielkontext unconfined_u:object_r:user_home_t:s0 Zielobjekte /home/simon/.xsession-errors [ file ] Quelle load_policy Quellen-Pfad /usr/sbin/load_policy Port <Unbekannt> Host hp550-01 Quellen-RPM-Pakete policycoreutils-2.0.57-17.fc10 Ziel-RPM-Pakete RPM-Richtlinie selinux-policy-3.5.13-47.fc10 SELinux aktiviert True Richtlinienversion targeted MLS aktiviert True Enforcing-Modus Enforcing Plugin-Name restorecon Hostname hp550-01 Plattform Linux hp550-01 2.6.27.19-170.2.35.fc10.x86_64 #1 SMP Mon Feb 23 13:00:23 EST 2009 x86_64 x86_64 Anzahl der Alarme 1 Zuerst gesehen Di 17 Mär 2009 20:15:24 CET Zuletzt gesehen Di 17 Mär 2009 20:15:24 CET Lokale ID 9612e364-b649-4382-ade1-8348f517ac86 Zeilennummern Raw-Audit-Meldungen node=hp550-01 type=AVC msg=audit(1237317324.151:30): avc: denied { write } for pid=3573 comm="load_policy" path="/home/simon/.xsession-errors" dev=sda8 ino=3620872 scontext=unconfined_u:system_r:load_policy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file node=hp550-01 type=AVC msg=audit(1237317324.151:30): avc: denied { write } for pid=3573 comm="load_policy" path="/home/simon/.xsession-errors" dev=sda8 ino=3620872 scontext=unconfined_u:system_r:load_policy_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file node=hp550-01 type=SYSCALL msg=audit(1237317324.151:30): arch=c000003e syscall=59 success=yes exit=0 a0=23b1b90 a1=7fe0b8f70fa0 a2=0 a3=7fffc5ddd000 items=0 ppid=3571 pid=3573 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:system_r:load_policy_t:s0 key=(null)
restorecon -R -v /home/simon/.xsession-errors Some how this file got created with the wrong label. The message told you to do this and would have eliminated all of these bugzillas.