Summary: SELinux is preventing gdm-session-wor (xdm_t) "write" to .xsession-errors (user_home_t). Detailed Description: [gdm-session-wor has a permissive type (xdm_t). This access was not denied.] SELinux denied access requested by gdm-session-wor. The current boolean settings do not allow this access. If you have not setup gdm-session-wor to require this access this may signal an intrusion attempt. If you do intend this access you need to change the booleans on this system to allow the access. Allowing Access: Confined processes can be configured to to run requiring different access, SELinux provides booleans to allow you to turn on/off access as needed. The boolean allow_polyinstantiation is set incorrectly. Boolean Description: Enable polyinstantiated directory support. Fix Command: # setsebool -P allow_polyinstantiation 1 Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects .xsession-errors [ file ] Source gdm-session-wor Source Path /usr/libexec/gdm-session-worker Port <Unknown> Host (removed) Source RPM Packages gdm-2.26.1-13.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-82.fc11 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall_boolean Host Name (removed) Platform Linux (removed) 2.6.30.5-43.fc11.x86_64 #1 SMP Thu Aug 27 21:39:52 EDT 2009 x86_64 x86_64 Alert Count 2 First Seen Sun 27 Sep 2009 01:46:47 PM CEST Last Seen Sun 27 Sep 2009 01:46:47 PM CEST Local ID 603f118f-634a-4da5-9f1c-20438ad1c2d5 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1254052007.992:32462): avc: denied { write } for pid=2885 comm="gdm-session-wor" name=".xsession-errors" dev=dm-1 ino=28830 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1254052007.992:32462): arch=c000003e syscall=77 success=yes exit=0 a0=9 a1=0 a2=7fff34ed4780 a3=4 items=0 ppid=2839 pid=2885 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=2 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.12-82.fc11,catchall_boolean,gdm-session-wor,xdm_t,user_home_t,file,write audit2allow suggests: #============= xdm_t ============== #!!!! This avc is allowed in the current policy allow xdm_t user_home_t:file write;
*** Bug 560217 has been marked as a duplicate of this bug. ***
*** Bug 560218 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 538428 ***