Summary:

SELinux is preventing gdm-session-wor (xdm_t) "write" to /home/szymek/.dmrc.0WZB1U (user_home_t).

Detailed Description:

SELinux denied access requested by gdm-session-wor. The current boolean settings do not allow this access. If you have not setup gdm-session-wor to require this access this may signal an intrusion attempt. If you do intend this access you need to change the booleans on this system to allow the access.

Allowing Access:

Confined processes can be configured to run requiring different access, SELinux provides booleans to allow you to turn on/off access as needed. The boolean allow_polyinstantiation is set incorrectly.

Boolean Description: Enable polyinstantiated directory support.

Fix Command:

# setsebool -P allow_polyinstantiation 1

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                /home/szymek/.dmrc.0WZB1U [ file ]
Source                        gdm-session-wor
Source Path                   /usr/libexec/gdm-session-worker
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           gdm-2.26.1-13.fc11
Target RPM Packages
Policy RPM                    selinux-policy-3.6.12-83.fc11
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall_boolean
Host Name                     (removed)
Platform                      Linux (removed) 2.6.30.8-64.fc11.i586 #1 SMP Fri Sep 25 04:30:19 EDT 2009 i686 i686
Alert Count                   1
First Seen                    Wed, 7 Oct 2009, 14:59:00
Last Seen                     Wed, 7 Oct 2009, 14:59:00
Local ID                      b90f6b0b-1aef-41d3-b4b9-1eaee3c642da
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1254920340.479:109): avc: denied { write } for pid=7545 comm="gdm-session-wor" path="/home/szymek/.dmrc.0WZB1U" dev=dm-0 ino=2033636 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1254920340.479:109): arch=40000003 syscall=4 success=no exit=-13 a0=9 a1=b7f03000 a2=1a a3=1a items=0 ppid=7522 pid=7545 auid=501 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500 sgid=500 fsgid=500 tty=(none) ses=10 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall_boolean,gdm-session-wor,xdm_t,user_home_t,file,write

audit2allow suggests:

#============= xdm_t ==============
#!!!! This avc can be allowed using the boolean 'allow_polyinstantiation'
allow xdm_t user_home_t:file write;

yum update

*** This bug has been marked as a duplicate of bug 538428 ***