Zusammenfassung: SELinux is preventing /usr/bin/kdm "write" access on /root. Detaillierte Beschreibung: SELinux denied access requested by kdm. It is not expected that this access is required by kdm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Zugriff erlauben: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Zusätzliche Informationen: Quellkontext system_u:system_r:xdm_t:s0-s0:c0.c1023 Zielkontext system_u:object_r:admin_home_t:s0 Zielobjekte /root [ dir ] Quelle kdm Quellen-Pfad /usr/bin/kdm Port <Unbekannt> Host (removed) Quellen-RPM-Pakete kdm-4.3.4-6.fc12 Ziel-RPM-Pakete filesystem-2.4.30-2.fc12 RPM-Richtlinie selinux-policy-3.6.32-73.fc12 SELinux aktiviert True Richtlinienversion targeted Enforcing-Modus Enforcing Plugin-Name catchall Hostname (removed) Plattform Linux (removed) 2.6.31.12-1.rt20.1.fc12.ccrma.x86_64.rt #1 SMP PREEMPT RT Thu Jan 21 22:08:01 EST 2010 x86_64 x86_64 Anzahl der Alarme 3 Zuerst gesehen Sa 30 Jan 2010 16:04:13 CET Zuletzt gesehen Sa 30 Jan 2010 17:44:46 CET Lokale ID 1626be7c-727b-451f-8a4b-93edfb24a99e Zeilennummern Raw-Audit-Meldungen node=(removed) type=AVC msg=audit(1264869886.792:34): avc: denied { write } for pid=4926 comm="kdm" name="root" dev=sda7 ino=106081 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1264869886.792:34): arch=c000003e syscall=2 success=no exit=-13 a0=7fffdcd9e0d0 a1=c1 a2=180 a3=7fffdcd9dcc0 items=0 ppid=2509 pid=4926 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="kdm" exe="/usr/bin/kdm" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-73.fc12,catchall,kdm,xdm_t,admin_home_t,dir,write audit2allow suggests: #============= xdm_t ============== #!!!! The source type 'xdm_t' can write to a 'dir' of the following types: # pcscd_var_run_t, var_lock_t, xkb_var_lib_t, xdm_rw_etc_t, root_t, tmp_t, var_t, user_fonts_t, user_tmpfs_t, xdm_spool_t, fonts_cache_t, user_home_dir_t, locale_t, var_auth_t, xserver_tmp_t, tmpfs_t, var_spool_t, user_tmp_t, var_lib_t, var_run_t, auth_cache_t, xdm_tmpfs_t, xserver_log_t, var_log_t, xdm_log_t, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t, xdm_home_t, pam_var_console_t, root_t, nfs_t allow xdm_t admin_home_t:dir write;
*** This bug has been marked as a duplicate of bug 543970 ***