Bug 524087 - setroubleshoot: SELinux is preventing /usr/libexec/ck-get-x11-server-pid "read" access on .Xauthority.
Summary: setroubleshoot: SELinux is preventing /usr/libexec/ck-get-x11-server-pid "rea...
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:5b6c5df0405...
: 529264 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-17 20:04 UTC by Alexey Torkhov
Modified: 2009-10-20 22:35 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-20 22:35:39 UTC


Attachments (Terms of Use)

Description Alexey Torkhov 2009-09-17 20:04:10 UTC
The following was filed automatically by setroubleshoot:
audit2allow suggests:

Comment 1 Alexey Torkhov 2009-09-17 20:15:22 UTC
Apparently, setroubleshoot didn't generate proper message. Here is audit message:
Happens in gnome session for root user.

node=rawhide.tortilla.ru type=AVC msg=audit(1253217723.568:26): avc: denied { read } for pid=1789 comm="ck-get-x11-serv" name=".Xauthority" dev=vda1 ino=107186 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file 

node=rawhide.tortilla.ru type=SYSCALL msg=audit(1253217723.568:26): arch=40000003 syscall=33 success=no exit=-13 a0=bfa51fbc a1=4 a2=584bb8 a3=bfa51fbc items=0 ppid=1788 pid=1789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)

Comment 2 Daniel Walsh 2009-09-17 20:59:22 UTC
Did you login in as root via X Windows?

Comment 3 Alexey Torkhov 2009-09-17 21:03:24 UTC
Nope, gdm seems doesn’t allow this. I called startx from console.

Comment 4 Daniel Walsh 2009-09-17 21:07:10 UTC
When logged in as root?

SELinux does not support that so I have to close these bugs as WONTFIX.

Comment 5 Martin Naď 2009-10-15 19:38:28 UTC
*** Bug 529264 has been marked as a duplicate of this bug. ***

Comment 6 Daniel Walsh 2009-10-20 22:35:39 UTC
restorecon -R -v /root 
should fix.Not sure how it got mislabled.  If you are logging in as root or running a session as root, that is not supported within SELinux.


Note You need to log in before you can comment on or make changes to this bug.