Bug 542618 - SELinux is preventing the kdm from using potentially mislabeled files (.Xauthority).
Summary: SELinux is preventing the kdm from using potentially mislabeled files (.Xauth...
Keywords:
Status: CLOSED DUPLICATE of bug 538428
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:829693ae5ca...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-11-30 11:35 UTC by Maciek
Modified: 2009-11-30 11:51 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-11-30 11:51:20 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Maciek 2009-11-30 11:35:05 UTC 
Podsumowanie:

SELinux is preventing the kdm from using potentially mislabeled files
(.Xauthority).

Szczegółowy opis:

[SELinux jest w trybie zezwalania. Ten dostęp nie został odmówiony.]

SELinux has denied kdm access to potentially mislabeled file(s) (.Xauthority).
This means that SELinux will not allow kdm to use these files. It is common for
users to edit files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files end up with the
wrong file context which confined applications are not allowed to access.

Zezwalanie na dostęp:

If you want kdm to access this files, you need to relabel them using restorecon
-v '.Xauthority'. You might want to relabel the entire directory using
restorecon -R -v ''.

Dodatkowe informacje:

Kontekst źródłowy          system_u:system_r:xdm_t:s0-s0:c0.c1023
Kontekst docelowy             unconfined_u:object_r:xauth_home_t:s0
Obiekty docelowe              .Xauthority [ file ]
Źródło                     kdm
Ścieżka źródłowa         /usr/bin/kdm
Port                          <Nieznane>
Komputer                      (removed)
Źródłowe pakiety RPM       kdm-4.3.1-9.fc11
Docelowe pakiety RPM          
Pakiet RPM polityki           selinux-policy-3.6.12-83.fc11
SELinux jest włączony       True
Typ polityki                  targeted
Tryb wymuszania               Permissive
Nazwa wtyczki                 home_tmp_bad_labels
Nazwa komputera               (removed)
Platforma                     Linux (removed) 2.6.29.4-167.fc11.i686.PAE #1 SMP Wed
                              May 27 17:28:22 EDT 2009 i686 i686
Liczba alarmów               2
Po raz pierwszy               śro, 14 paź 2009, 01:39:07
Po raz ostatni                śro, 14 paź 2009, 01:39:07
Lokalny identyfikator         f000f757-fcf2-4fa5-b243-193fb564e72e
Liczba wierszy                

Surowe komunikaty audytu      

node=(removed) type=AVC msg=audit(1255477147.31:10): avc:  denied  { read } for  pid=1979 comm="kdm" name=".Xauthority" dev=sda2 ino=131876 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:xauth_home_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1255477147.31:10): avc:  denied  { open } for  pid=1979 comm="kdm" name=".Xauthority" dev=sda2 ino=131876 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:xauth_home_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1255477147.31:10): arch=40000003 syscall=5 success=yes exit=7 a0=bff4ab3c a1=8000 a2=1b6 a3=8a47178 items=0 ppid=1865 pid=1979 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="kdm" exe="/usr/bin/kdm" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.12-83.fc11,home_tmp_bad_labels,kdm,xdm_t,xauth_home_t,file,read
audit2allow suggests:

#============= xdm_t ==============
allow xdm_t xauth_home_t:file { read open };
Comment 1 Miroslav Grepl 2009-11-30 11:51:20 UTC 

*** This bug has been marked as a duplicate of bug 538428 ***
Note You need to log in before you can comment on or make changes to this bug.