Bug 500944 - SELinux prevented kde4-config from writing .kde.
SELinux prevented kde4-config from writing .kde.
Status: CLOSED DUPLICATE of bug 489093
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-14 23:55 EDT by Ralf Corsepius
Modified: 2009-05-15 08:52 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-15 08:52:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Output of sealert -l a4029e06-1fd4-4fc8-8da0-2fc9b1fdc6a9 (2.14 KB, application/octet-stream)
2009-05-14 23:57 EDT, Ralf Corsepius
no flags Details

  None (edit)
Description Ralf Corsepius 2009-05-14 23:55:55 EDT
Description of problem:
Upon each reboot an selinux alert similar to this is being issued:
...
May 15 05:37:25 columbo setroubleshoot: SELinux prevented kde4-config from writing .kde. For complete SELinux messages. run sealert -l a4029e06-1fd4-4fc8-8da0-2fc9b1fdc6a9
...


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.12-34.fc11.noarch
selinux-policy-3.6.12-34.fc11.noarch


How reproducible:
Always, on one machine. On a different machine, with a very similar set up, I am not observing this.

Steps to Reproduce:
1. reboot
2. check /var/log/messages
  
Actual results:
SEalert being risen.

Expected results:
No SEalert.

Additional info:
If I understand correctly, something is trying to run kde4-config during or shortly after bootup as root.

AFAICT, kde4-config wants to write to ~/.kde, i.e. to /root/.kde or even /.kde (In the past, some broken kde apps did so). May-be, selinux is preventing it from doing so, may-be kde4-config segfaults. I am not sure.
Comment 1 Ralf Corsepius 2009-05-14 23:57:56 EDT
Created attachment 344072 [details]
Output of sealert -l a4029e06-1fd4-4fc8-8da0-2fc9b1fdc6a9
Comment 2 Ralf Corsepius 2009-05-15 00:04:32 EDT
Likely a duplicate of 
https://bugzilla.redhat.com/show_bug.cgi?id=489093
Comment 3 Ralf Corsepius 2009-05-15 00:07:17 EDT
Correction: My second FC11 test machine now also exposes this issue:

May 15 06:01:38 gunvald setroubleshoot: SELinux prevented kde4-config from writing .kde. For complete SELinux messages. run sealert -l 3f6e9b13-5223-43b6-babe-35a5af18da11
Comment 4 Ralf Corsepius 2009-05-15 01:52:19 EDT
A bewildering observation:

My machines have /home and / on separate logical volumes.

On one of these, when moving /home down in fstab, this sealert goes away, on the other one, this doesn't help:

--- fstab.bak	2009-05-15 07:35:13.000000000 +0200
+++ fstab	2009-05-15 07:35:07.000000000 +0200
@@ -1,5 +1,4 @@
 /dev/VolGroup00/LogVol03 /                       ext3    defaults        1 1
-/dev/VolGroup00/LogVol02 /home                   ext3    defaults        1 1
 UUID=c40d2593-81fc-4f0b-8b81-e1d0bbeb4ceb /boot                   ext3    defaults        1 2
 tmpfs                   /dev/shm                tmpfs   defaults        0 0
 devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
@@ -7,3 +6,4 @@
 proc                    /proc                   proc    defaults        0 0
 /dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0
 /dev/VolGroup00/LogVol00 /opt/fedora/10          ext3    defaults,noauto 0 0
+/dev/VolGroup00/LogVol02 /home                   ext3    defaults        1 1
Comment 5 Ben Levenson 2009-05-15 08:26:47 EDT
copying than

reproduced with the following RPMs:
selinux-policy-targeted-3.6.12-34.fc11.noarch
selinux-policy-3.6.12-34.fc11.noarch
kdelibs-4.2.2-12.fc11.x86_64
Comment 6 Rex Dieter 2009-05-15 08:52:33 EDT
Yes, this is the same symptoms of the other bug, duping.

*** This bug has been marked as a duplicate of bug 489093 ***

Note You need to log in before you can comment on or make changes to this bug.