Bug 558287 - SELinux is preventing /sbin/setfiles "read" access on /var/spool/gdm/force-display-on-active-vt (deleted).
Keywords:
Status: CLOSED DUPLICATE of bug 556643
Alias: None
Product: Fedora
Classification: Fedora
Component: kdebase-workspace
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Than Ngo
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:c6cd7081cd1...
Depends On:
Blocks:
 
Reported: 2010-01-24 18:11 UTC by Alexander
Modified: 2010-01-31 18:57 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-01-26 05:09:15 UTC
Type: ---
Embargoed:



Description Alexander 2010-01-24 18:11:17 UTC
Summary:

SELinux is preventing /sbin/setfiles "read" access on
/var/spool/gdm/force-display-on-active-vt (deleted).

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by restorecon. It is not expected that this
access is required by restorecon and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023
Target Context                system_u:object_r:xdm_spool_t:s0
Target Objects                /var/spool/gdm/force-display-on-active-vt
                              (deleted) [ file ]
Source                        restorecon
Source Path                   /sbin/setfiles
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           policycoreutils-2.0.78-7.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-66.fc12
SELinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.9-174.fc12.x86_64 #1 SMP
                              Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64
Alert Count                   18
First Seen                    Sat 16 Jan 2010 17:41:48 CET
Last Seen                     Sun 24 Jan 2010 18:45:21 CET
Local ID                      dc549374-38c2-41d9-9264-4e506618dd81
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1264355121.377:13): avc:  denied  { read } for  pid=1878 comm="restorecon" path=2F7661722F73706F6F6C2F67646D2F666F7263652D646973706C61792D6F6E2D6163746976652D7674202864656C6574656429 dev=sda2 ino=8477 scontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_spool_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1264355121.377:13): arch=c000003e syscall=59 success=yes exit=0 a0=e5c050 a1=e5bfb0 a2=e57db0 a3=18 items=0 ppid=1873 pid=1878 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="restorecon" exe="/sbin/setfiles" subj=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-66.fc12,catchall,restorecon,setfiles_t,xdm_spool_t,file,read
audit2allow suggests:

#============= setfiles_t ==============
allow setfiles_t xdm_spool_t:file read;

Comment 1 Kevin Kofler 2010-01-26 05:09:15 UTC

*** This bug has been marked as a duplicate of bug 556643 ***

