Description of problem: Looks like gdm-session-worker gets blocked. Could not determine impact of block. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.6.12-53.fc11.noarch How reproducible: Every time Steps to Reproduce: 1.Log in 2. 3. Actual results: Expected results: Additional info: time->Fri Jul 3 12:28:52 2009 type=SYSCALL msg=audit(1246649332.183:26): arch=c000003e syscall=2 success=no exit=-13 a0=11ab330 a1=c2 a2=180 a3=20 items=0 ppid=3399 pid=3450 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1246649332.183:26): avc: denied { add_name } for pid=3450 comm="gdm-session-wor" name=".xsession-errors.XXW9QFWU" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
Are you attempting to login as root via gdm? This is not allowed via policy and is turned off by default in GDM.
Yes, we log in as root when setting up systems. It is unrealistic to expect administration people not to. Initially there are no other log in accounts available.
Well since GDM denies the ability to login as root, you must have changed this somehow, and you can setup accounts during the install, either via kickstart or the firstboot. You can login via local login, sshd but not via X because it is considered very dangerous to run an Xwindows Session as root. (Running firefox for example.) SELinux has to treat the /root directory differently then normal /home since the ability to write to the /root directory would allow an app to write something to /.bashrc and then all admins for ever would just execute that code.