Bug 544909 - SELinux is preventing the ck-get-x11-serv from using potentially mislabeled files (.Xauthority).
Keywords:
Status: CLOSED DUPLICATE of bug 538428
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:f88947e228d...
Depends On:
Blocks:
Reported: 2009-12-07 01:29 UTC by euroford
Modified: 2009-12-07 21:04 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-12-07 21:04:53 UTC
Type: ---
Embargoed:



Description euroford 2009-12-07 01:29:40 UTC
Summary:

SELinux is preventing the ck-get-x11-serv from using potentially mislabeled
files (.Xauthority).

Detailed Description:

SELinux has denied ck-get-x11-serv access to potentially mislabeled file(s)
(.Xauthority). This means that SELinux will not allow ck-get-x11-serv to use
these files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.

Allowing Access:

If you want ck-get-x11-serv to access this files, you need to relabel them using
restorecon -v '.Xauthority'. You might want to relabel the entire directory
using restorecon -R -v ''.

Additional Information:

Source Context                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:admin_home_t:s0
Target Objects                .Xauthority [ file ]
Source                        ck-get-x11-serv
Source Path                   /usr/libexec/ck-get-x11-server-pid
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           ConsoleKit-x11-0.3.0-8.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-85.fc11
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     (removed)
Platform                      Linux (removed) 2.6.30.8-64.fc11.x86_64 #1 SMP Fri
                              Sep 25 04:43:32 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Friday, October 23, 2009 13:24:02
Last Seen                     Friday, October 23, 2009 13:24:02
Local ID                      3783ef4f-25de-4cdd-8a58-258b42bc2fa0
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1256275442.131:28594): avc:  denied  { read } for  pid=13294 comm="ck-get-x11-serv" name=".Xauthority" dev=sda2 ino=20946 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1256275442.131:28594): arch=c000003e syscall=21 success=no exit=-13 a0=7fffe9621fb8 a1=4 a2=0 a3=7fffe96217d3 items=0 ppid=13293 pid=13294 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.12-85.fc11,home_tmp_bad_labels,ck-get-x11-serv,consolekit_t,admin_home_t,file,read
audit2allow suggests:

#============= consolekit_t ==============
allow consolekit_t admin_home_t:file read;

Comment 1 Daniel Walsh 2009-12-07 21:04:53 UTC

*** This bug has been marked as a duplicate of bug 538428 ***

