Bug 550364 - SELinux is preventing /usr/libexec/gdm-session-worker "read write" access on root.
Summary: SELinux is preventing /usr/libexec/gdm-session-worker "read write" access on ...
Keywords:
Status: CLOSED DUPLICATE of bug 543970
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:d65f36a722e...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-12-24 18:45 UTC by dazeminu
Modified: 2010-01-30 14:00 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-12-27 13:02:46 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description dazeminu 2009-12-24 18:45:00 UTC 
요약:

SELinux is preventing /usr/libexec/gdm-session-worker "read write" access on
root.

상세 설명:

SELinux denied access requested by gdm-session-wor. It is not expected that this
access is required by gdm-session-wor and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

액세스 허용:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

자세한 정보:

소스 문맥                 system_u:system_r:xdm_t:s0-s0:c0.c1023
대상 문맥                 system_u:object_r:admin_home_t:s0
대상 객체                 root [ dir ]
소스                        gdm-session-wor
소스 경로                 /usr/libexec/gdm-session-worker
포트                        <알려지지 않음>
호스트                     (removed)
소스 RPM 패키지          gdm-2.28.1-25.fc12
대상 RPM 패키지          filesystem-2.4.30-2.fc12
정책 RPM                    selinux-policy-3.6.32-56.fc12
Selinux 활성화             True
정책 유형                 targeted
강제 모드                 Enforcing
플러그인명               catchall
호스트명                  (removed)
플랫폼                     Linux (removed)
                              2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7
                              21:25:57 EST 2009 i686 athlon
통지 카운트              7
초기 화면                 2009년 12월 24일 (목) 오후 07시 24분 36초
마지막 화면              2009년 12월 25일 (금) 오전 03시 43분 37초
로컬 ID                     9e064302-b5de-40f8-a200-aa0113b7106c
줄 번호                    

원 감사 메세지          

node=(removed) type=AVC msg=audit(1261680217.935:24421): avc:  denied  { read write } for  pid=1488 comm="gdm-session-wor" name="root" dev=sda2 ino=2326529 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1261680217.935:24421): arch=40000003 syscall=33 success=no exit=-13 a0=9aee2a8 a1=7 a2=6301a4 a3=9b58a78 items=0 ppid=1431 pid=1488 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-56.fc12,catchall,gdm-session-wor,xdm_t,admin_home_t,dir,read,write
audit2allow suggests:

#============= xdm_t ==============
allow xdm_t admin_home_t:dir { read write };
Comment 1 Daniel Walsh 2009-12-27 13:02:46 UTC 

*** This bug has been marked as a duplicate of bug 543970 ***
Note You need to log in before you can comment on or make changes to this bug.