Bug 504382 - SELinux prevented kde4-config from writing ./.kde.
Summary: SELinux prevented kde4-config from writing ./.kde.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kdebase
Version: 10
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Than Ngo
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-06-05 22:26 UTC by Russell Harrison
Modified: 2009-09-08 02:45 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-08 02:45:38 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Saved selinux_alert (2.30 KB, text/plain)
2009-06-05 22:26 UTC, Russell Harrison
no flags Details

Description Russell Harrison 2009-06-05 22:26:43 UTC
Created attachment 346726 [details]
Saved selinux_alert

Description of problem:

After a clean install of Fedora 10 I received the above error from sealert with the recommendation to set the allow_daemons_dump_core boolean to true.

Version-Release number of selected component (if applicable):

$ rpm -q selinux-policy-targeted
selinux-policy-targeted-3.5.13-61.fc10.noarch

How reproducible:

Install Fedora 10 including some KDE packages.

Actual results:

SELinux alert message.

Expected results:

Clean install without error.

Additional info:

The .kde directory in my home directory does seem to have been created.

Comment 1 Alexander Todorov 2009-06-25 17:54:02 UTC
Same for me with F11 here:
after running restorecon the context is

unconfined_u:object_r:user_home_t:s0 .kde/

raw audit message:

node=fujiyama type=AVC msg=audit(1245774936.427:5): avc: denied { create } for pid=1575 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir

node=fujiyama type=SYSCALL msg=audit(1245774936.427:5): arch=40000003 syscall=39 success=no exit=-13 a0=8f4e088 a1=1c0 a2=5c9990 a3=0 items=0 ppid=1574 pid=1575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kde4-config" exe="/usr/bin/kde4-config" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) 

$ rpm -q selinux-policy
selinux-policy-3.6.12-50.fc11.noarch

Comment 2 Daniel Walsh 2009-06-26 15:13:59 UTC
These are kdebase bugs.  kde should not be attemting to create files under / or /root outside of login.  It should have its own "$HOMEDIR" like gdm and then we could label every thing correctly.

Comment 3 Daniel Walsh 2009-06-26 15:14:30 UTC
You can allow these for now if you want,  using 

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Comment 4 Rex Dieter 2009-06-26 15:29:32 UTC
rpm -q kdelibs
please.

As of kdelibs-4.2.3-3 kde4-config should no longer be called.  See also bug #498809

Comment 5 Steven M. Parrish 2009-09-08 02:39:43 UTC
Ping

-- 
Steven M. Parrish - KDE Triage Master
                  - PackageKit Triager
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 6 Kevin Kofler 2009-09-08 02:45:38 UTC
This should be fixed in the current stable update for kdelibs. Please reopen if the problem still persists.


Note You need to log in before you can comment on or make changes to this bug.