Summary: SELinux is preventing /usr/libexec/gdm-session-worker "write" access on /root. Detailed Description: SELinux denied access requested by gdm-session-wor. It is not expected that this access is required by gdm-session-wor and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:admin_home_t:s0 Target Objects /root [ dir ] Source gdm-session-wor Source Path /usr/libexec/gdm-session-worker Port <Unknown> Host (removed) Source RPM Packages gdm-2.28.1-25.fc12 Target RPM Packages filesystem-2.4.30-2.fc12 Policy RPM selinux-policy-3.6.32-59.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.9-174.fc12.i686.PAE #1 SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686 Alert Count 2 First Seen Thu 14 Jan 2010 02:58:19 AM IST Last Seen Thu 14 Jan 2010 02:58:19 AM IST Local ID da183a7b-8e79-48d7-ac0f-711e9ab19dd9 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1263418099.784:26549): avc: denied { write } for pid=2344 comm="gdm-session-wor" name="root" dev=dm-0 ino=81921 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1263418099.784:26549): arch=40000003 syscall=5 success=no exit=-13 a0=85af200 a1=80c2 a2=180 a3=1f items=0 ppid=2326 pid=2344 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,gdm-session-wor,xdm_t,admin_home_t,dir,write audit2allow suggests: #============= xdm_t ============== #!!!! The source type 'xdm_t' can write to a 'dir' of the following types: # var_log_t, xdm_log_t, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t, xdm_home_t, pam_var_console_t, pcscd_var_run_t, var_lock_t, xkb_var_lib_t, xdm_rw_etc_t, root_t, tmp_t, var_t, user_fonts_t, user_tmpfs_t, xdm_spool_t, fonts_cache_t, user_home_dir_t, locale_t, var_auth_t, xserver_tmp_t, tmpfs_t, var_spool_t, user_tmp_t, var_lib_t, var_run_t, auth_cache_t, xdm_tmpfs_t, xserver_log_t, root_t, nfs_t allow xdm_t admin_home_t:dir write;
Are you attempting to login as root?
(In reply to comment #1) > Are you attempting to login as root? Yes, I've modified the user login screen so that it accepts the root login. That is the username root and the corresponding password is accepted. This feature was available at older version of fedora. Is that the problem?
SELinux will not allow you to login as root, you can put the machine into permissive mode or add custom policy to allow it to happen, but the default policy will never allow an X User to login dirrectly as root. It is considered too dangerous. *** This bug has been marked as a duplicate of bug 543970 ***