Bug 566178 - SELinux is preventing the ck-get-x11-serv from using potentially mislabeled files (/root/.Xauthority).
Summary: SELinux is preventing the ck-get-x11-serv from using potentially mislabeled f...
Keywords:
Status: CLOSED DUPLICATE of bug 538428
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:6673330c4b4...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-02-17 14:54 UTC by Gianpietro
Modified: 2010-06-02 01:01 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-02-17 16:01:26 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Gianpietro 2010-02-17 14:54:39 UTC 
Sommario:

SELinux is preventing the ck-get-x11-serv from using potentially mislabeled
files (/root/.Xauthority).

Descrizione dettagliata:

SELinux has denied ck-get-x11-serv access to potentially mislabeled file(s)
(/root/.Xauthority). This means that SELinux will not allow ck-get-x11-serv to
use these files. It is common for users to edit files in their home directory or
tmp directories and then move (mv) them to system directories. The problem is
that the files end up with the wrong file context which confined applications
are not allowed to access.

Abilitazione accesso in corso:

If you want ck-get-x11-serv to access this files, you need to relabel them using
restorecon -v '/root/.Xauthority'. You might want to relabel the entire
directory using restorecon -R -v '/root'.

Informazioni aggiuntive:

Contesto della sorgente       system_u:system_r:consolekit_t:s0-s0:c0.c1023
Contesto target               unconfined_u:object_r:admin_home_t:s0
Oggetti target                /root/.Xauthority [ file ]
Sorgente                      ck-get-x11-serv
Percorso della sorgente       /usr/libexec/ck-get-x11-server-pid
Porta                         <Sconosciuto>
Host                          (removed)
Sorgente Pacchetti RPM        ConsoleKit-x11-0.3.0-8.fc11
Pacchetti RPM target          
RPM della policy              selinux-policy-3.6.12-62.fc11
Selinux abilitato             True
Tipo di policy                targeted
Modalità Enforcing           Enforcing
Nome plugin                   home_tmp_bad_labels
Host Name                     (removed)
Piattaforma                   Linux (removed) 2.6.29.5-191.fc11.i586 #1
                              SMP Tue Jun 16 23:11:39 EDT 2009 i686 i686
Conteggio avvisi              3
Primo visto                   mer 22 lug 2009 01:05:58 CEST
Ultimo visto                  mer 22 lug 2009 13:09:50 CEST
ID locale                     d6a48e4d-fd37-4340-82ac-04a49292b794
Numeri di linea               

Messaggi Raw Audit            

node=(removed) type=AVC msg=audit(1248260990.888:54): avc:  denied  { read } for  pid=5255 comm="ck-get-x11-serv" name=".Xauthority" dev=sda2 ino=2539534 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1248260990.888:54): arch=40000003 syscall=33 success=no exit=-13 a0=bf9aafbc a1=4 a2=a15a60 a3=bf9aafbc items=0 ppid=5254 pid=5255 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  home_tmp_bad_labels,ck-get-x11-serv,consolekit_t,admin_home_t,file,read
audit2allow suggests:

#============= consolekit_t ==============
allow consolekit_t admin_home_t:file read;
Comment 1 Daniel Walsh 2010-02-17 16:01:26 UTC 

*** This bug has been marked as a duplicate of bug 538428 ***
Note You need to log in before you can comment on or make changes to this bug.