Summary:

SELinux is preventing /usr/bin/xauth "write" access on joonlee.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by xauth. It is not expected that this access is required by xauth and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:home_root_t:s0
Target Objects                joonlee [ dir ]
Source                        xauth
Source Path                   /usr/bin/xauth
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           xorg-x11-xauth-1.0.2-7.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-89.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.12-174.2.22.fc12.x86_64 #1 SMP Fri Feb 19 18:55:03 UTC 2010 x86_64 x86_64
Alert Count                   4
First Seen                    Fri 26 Feb 2010 12:58:57 PM EST
Last Seen                     Fri 26 Feb 2010 12:58:57 PM EST
Local ID                      80e10269-2e50-4f42-9530-b8b80712c91e
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1267207137.399:34132): avc: denied { write } for pid=25008 comm="xauth" name="joonlee" dev=dm-0 ino=36831233 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1267207137.399:34132): avc: denied { add_name } for pid=25008 comm="xauth" name=".Xauthority-c" scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1267207137.399:34132): avc: denied { create } for pid=25008 comm="xauth" name=".Xauthority-c" scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1267207137.399:34132): avc: denied { write open } for pid=25008 comm="xauth" name=".Xauthority-c" dev=dm-0 ino=36831242 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1267207137.399:34132): arch=c000003e syscall=2 success=yes exit=3 a0=7fff05749b00 a1=c1 a2=180 a3=7fff057496f0 items=0 ppid=25007 pid=25008 auid=2473 uid=2473 gid=1002 euid=2473 suid=2473 fsuid=2473 egid=1002 sgid=1002 fsgid=1002 tty=pts6 ses=28 comm="xauth" exe="/usr/bin/xauth" subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,xauth,xauth_t,home_root_t,dir,write

audit2allow suggests:

#============= xauth_t ==============
#!!!! The source type 'xauth_t' can write to a 'dir' of the following types:
# xdm_var_run_t, tmp_t, admin_home_t, user_home_dir_t, nx_server_var_lib_t, xauth_tmp_t, user_tmp_t, var_lib_t, user_home_t, nfs_t

allow xauth_t home_root_t:dir { write add_name };
allow xauth_t home_root_t:file create;
#!!!! This avc has a dontaudit rule in the current policy

allow xauth_t home_root_t:file { write open };
I think you have a mislabeled homedir.

restorecon -R -v /home/

Should fix. The joonlee directory should be labeled user_home_dir_t.
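
Added example (not part of the original thread, and not setroubleshoot's own code): a small Python triage over AVC records like those in the report, flagging denials whose target type is home_root_t on an object other than the home root itself, which is the mislabeling diagnosed in the comment above. The third sample record, the function names, and the assumption that the home root directory is named "home" are constructed for illustration.

```python
import re

# Records 1-2 are copied from the report above (node= prefix dropped);
# record 3 is a constructed, unrelated denial for contrast.
SAMPLE = """\
type=AVC msg=audit(1267207137.399:34132): avc: denied { write } for pid=25008 comm="xauth" name="joonlee" dev=dm-0 ino=36831233 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1267207137.399:34132): avc: denied { create } for pid=25008 comm="xauth" name=".Xauthority-c" scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file
type=AVC msg=audit(1267207200.000:34200): avc: denied { read } for pid=100 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

HOME_ROOT_NAME = "home"  # assumption: home_root_t belongs only on /home itself


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type:level; the type is the third field.
    rec["ttype"] = rec.get("tcontext", ":::").split(":")[2]
    return rec


def likely_mislabeled(rec):
    """Heuristic: an object below /home that carries home_root_t has the wrong label."""
    return rec["ttype"] == "home_root_t" and rec.get("name") != HOME_ROOT_NAME


def triage(text):
    """Return the denials that point at a labeling problem rather than missing policy."""
    recs = (parse_avc(line) for line in text.splitlines())
    return [r for r in recs if r and likely_mislabeled(r)]


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["tclass"]} "{r["name"]}" has type {r["ttype"]}; denied {r["perms"]}')
    # Relabel as suggested in the thread instead of loading the audit2allow rules.
    print("suggested fix: restorecon -R -v /home/")
```
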
*** Bug 568841 has been marked as a duplicate of this bug. ***
*** Bug 568842 has been marked as a duplicate of this bug. ***
Yes, it should, but the homedir was auto-created during first login:

authconfig --enablemkhomedir --update

Do you know why it would be creating the home dir with the wrong label? Shouldn't it just label the home directory correctly?
*** This bug has been marked as a duplicate of bug 476784 ***