Bug 545412 - SELinux is preventing /usr/bin/kdm "write" access on /root.
Summary: SELinux is preventing /usr/bin/kdm "write" access on /root.
Status: CLOSED DUPLICATE of bug 543970
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Whiteboard: setroubleshoot_trace_hash:c2c51ceac45...
Depends On:
TreeView+ depends on / blocked
Reported: 2009-12-08 14:18 UTC by adamus1117
Modified: 2009-12-18 03:57 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-12-09 13:35:01 UTC

Attachments (Terms of Use)

Description adamus1117 2009-12-08 14:18:49 UTC

SELinux is preventing /usr/bin/kdm "write" access on /root.

Részletes jellemzés:

SELinux denied access requested by kdm. It is not expected that this access is
required by kdm and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Hozzáférés engedélyezés:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug

További tájékoztatás:

Forrás környezet            system_u:system_r:xdm_t:s0-s0:c0.c1023
Cél környezet               system_u:object_r:admin_home_t:s0
Cél tárgyak                 /root [ dir ]
Forrás                       kdm
Forrás ösvény              /usr/bin/kdm
Kapu                          <Ismeretlen>
Gazda                         (removed)
Forrás RPM csomagok          kdm-4.3.3-7.fc12.1
Cél RPM csomagok             filesystem-2.4.30-2.fc12
Szabályzat RPM               selinux-policy-3.6.32-55.fc12
SELinux bekapcsolva           True
Szabályzat típus            targeted
Kényszerítő mód           Enforcing
Dugasz név                   catchall
Gazda név                    (removed)
Platform                      Linux (removed) #1 SMP
                              Fri Dec 4 00:06:26 EST 2009 x86_64 x86_64
Riasztás szám               1
Először                     2009. dec.  8., kedd, 15.15.04 CET
Utoljára                     2009. dec.  8., kedd, 15.15.04 CET
Helyi azonosító             2e846a7f-0d88-45eb-a227-627cfeb19697
Sor számok                   

Nyers vizsgálat üzenetek    

node=(removed) type=AVC msg=audit(1260281704.532:19514): avc:  denied  { write } for  pid=5132 comm="kdm" name="root" dev=sda1 ino=73730 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1260281704.532:19514): arch=c000003e syscall=2 success=no exit=-13 a0=7fff6ad8ae80 a1=c1 a2=180 a3=7fff6ad8aa70 items=0 ppid=2361 pid=5132 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="kdm" exe="/usr/bin/kdm" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash String generated from  selinux-policy-3.6.32-55.fc12,catchall,kdm,xdm_t,admin_home_t,dir,write
audit2allow suggests:

#============= xdm_t ==============
allow xdm_t admin_home_t:dir write;

Comment 1 Daniel Walsh 2009-12-09 13:35:01 UTC

*** This bug has been marked as a duplicate of bug 543970 ***

Note You need to log in before you can comment on or make changes to this bug.