Bug 504382 - SELinux prevented kde4-config from writing ./.kde.
SELinux prevented kde4-config from writing ./.kde.
Product: Fedora
Classification: Fedora
Component: kdebase (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Ngo Than
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-06-05 18:26 EDT by Russell Harrison
Modified: 2009-09-07 22:45 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-07 22:45:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Saved selinux_alert (2.30 KB, text/plain)
2009-06-05 18:26 EDT, Russell Harrison
no flags Details

  None (edit)
Description Russell Harrison 2009-06-05 18:26:43 EDT
Created attachment 346726 [details]
Saved selinux_alert

Description of problem:

After a clean install of Fedora 10 I received the above error from sealert with the recommendation to set the allow_daemons_dump_core boolean to true.

Version-Release number of selected component (if applicable):

$ rpm -q selinux-policy-targeted

How reproducible:

Install Fedora 10 including some KDE packages.

Actual results:

SELinux alert message.

Expected results:

Clean install without error.

Additional info:

The .kde directory in my home directory does seem to have been created.
Comment 1 Alexander Todorov 2009-06-25 13:54:02 EDT
Same for me with F11 here:
after running restorecon the context is

unconfined_u:object_r:user_home_t:s0 .kde/

raw audit message:

node=fujiyama type=AVC msg=audit(1245774936.427:5): avc: denied { create } for pid=1575 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir

node=fujiyama type=SYSCALL msg=audit(1245774936.427:5): arch=40000003 syscall=39 success=no exit=-13 a0=8f4e088 a1=1c0 a2=5c9990 a3=0 items=0 ppid=1574 pid=1575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kde4-config" exe="/usr/bin/kde4-config" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) 

$ rpm -q selinux-policy
Comment 2 Daniel Walsh 2009-06-26 11:13:59 EDT
These are kdebase bugs.  kde should not be attemting to create files under / or /root outside of login.  It should have its own "$HOMEDIR" like gdm and then we could label every thing correctly.
Comment 3 Daniel Walsh 2009-06-26 11:14:30 EDT
You can allow these for now if you want,  using 

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Comment 4 Rex Dieter 2009-06-26 11:29:32 EDT
rpm -q kdelibs

As of kdelibs-4.2.3-3 kde4-config should no longer be called.  See also bug #498809
Comment 5 Steven M. Parrish 2009-09-07 22:39:43 EDT

Steven M. Parrish - KDE Triage Master
                  - PackageKit Triager
Fedora Bugzappers volunteer triage team
Comment 6 Kevin Kofler 2009-09-07 22:45:38 EDT
This should be fixed in the current stable update for kdelibs. Please reopen if the problem still persists.

Note You need to log in before you can comment on or make changes to this bug.