Bug 573761 - selinux policy denies lxdm
selinux policy denies lxdm
Status: CLOSED DUPLICATE of bug 573828
Product: Fedora
Classification: Fedora
Component: lxdm (Show other bugs)
12
All Linux
low Severity medium
: ---
: ---
Assigned To: Christoph Wickert
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-03-15 13:58 EDT by d. johnson
Modified: 2010-03-16 10:17 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-16 10:17:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description d. johnson 2010-03-15 13:58:40 EDT
Description of problem:

Selinux policy denies login if you use LXDM.

Version-Release number of selected component (if applicable):

selinux-policy-3.6.32-99.fc12
lxdm-0.1.0-0.1.fc12

How reproducible:

Every time.

Steps to Reproduce:
1. Install lxdm
2. echo 'DISPLAYMANAGER=/usr/bin/lxdm' > /etc/sysconfig/desktop
3. Attempt to login.
  
Actual results:

AVC's attached. Actual login denied.

Expected results:

Permitted login.

Additional info:

##############################################################################
### file 1 of 2: ausearch-m-avc.txt
##############################################################################
----
time->Mon Mar 15 12:36:49 2010
type=SYSCALL msg=audit(1268674609.490:54474): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=a items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674609.490:54474): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:36:51 2010
type=SYSCALL msg=audit(1268674611.491:54475): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=9 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674611.491:54475): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:36:53 2010
type=SYSCALL msg=audit(1268674613.492:54476): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=8 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674613.492:54476): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:36:55 2010
type=SYSCALL msg=audit(1268674615.492:54477): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=7 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674615.492:54477): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:36:57 2010
type=SYSCALL msg=audit(1268674617.492:54478): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=6 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674617.492:54478): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:36:59 2010
type=SYSCALL msg=audit(1268674619.492:54479): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=5 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674619.492:54479): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:37:01 2010
type=SYSCALL msg=audit(1268674621.493:54480): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=4 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674621.493:54480): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:37:03 2010
type=SYSCALL msg=audit(1268674623.493:54481): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=3 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674623.493:54481): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:37:07 2010
type=SYSCALL msg=audit(1268674627.494:54483): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=1 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674627.494:54483): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:37:05 2010
type=SYSCALL msg=audit(1268674625.493:54482): arch=40000003 syscall=5 success=no exit=-13 a0=bf8520eb a1=c1 a2=180 a3=2 items=0 ppid=1110 pid=1113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674625.493:54482): avc:  denied  { write } for  pid=1113 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:41:48 2010
type=SYSCALL msg=audit(1268674908.202:54496): arch=40000003 syscall=5 success=no exit=-13 a0=89d3170 a1=80c2 a2=1b6 a3=23 items=0 ppid=1110 pid=1121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lxdm-greeter-gt" exe="/usr/bin/lxdm-greeter-gtk" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674908.202:54496): avc:  denied  { write } for  pid=1121 comm="lxdm-greeter-gt" name="lxdm" dev=sdb2 ino=396795 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir
----
time->Mon Mar 15 12:41:53 2010
type=SYSCALL msg=audit(1268674913.140:54497): arch=40000003 syscall=5 success=no exit=-13 a0=8bed4a0 a1=80c2 a2=1b6 a3=23 items=0 ppid=1110 pid=1121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lxdm-greeter-gt" exe="/usr/bin/lxdm-greeter-gtk" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674913.140:54497): avc:  denied  { write } for  pid=1121 comm="lxdm-greeter-gt" name="lxdm" dev=sdb2 ino=396795 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir
----
time->Mon Mar 15 12:42:57 2010
type=SYSCALL msg=audit(1268674977.283:54500): arch=40000003 syscall=9 success=yes exit=0 a0=bfe2ccfb a1=bfe2c8fa a2=d24bb8 a3=a items=0 ppid=1951 pid=1953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674977.283:54500): avc:  denied  { link } for  pid=1953 comm="xauth" name="lxdm.auth-c" dev=sdb6 ino=1229 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
----
time->Mon Mar 15 12:42:57 2010
type=SYSCALL msg=audit(1268674977.282:54499): arch=40000003 syscall=5 success=yes exit=3 a0=bfe2ccfb a1=c1 a2=180 a3=a items=0 ppid=1951 pid=1953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674977.282:54499): avc:  denied  { write open } for  pid=1953 comm="xauth" name="lxdm.auth-c" dev=sdb6 ino=1229 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1268674977.282:54499): avc:  denied  { create } for  pid=1953 comm="xauth" name="lxdm.auth-c" scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1268674977.282:54499): avc:  denied  { add_name } for  pid=1953 comm="xauth" name="lxdm.auth-c" scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1268674977.282:54499): avc:  denied  { write } for  pid=1953 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:42:57 2010
type=SYSCALL msg=audit(1268674977.283:54501): arch=40000003 syscall=10 success=yes exit=0 a0=bfe2cd4c a1=bfe2cd4c a2=0 a3=9d0b0d2 items=0 ppid=1951 pid=1953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268674977.283:54501): avc:  denied  { unlink } for  pid=1953 comm="xauth" name="lxdm.auth-n" dev=sdb6 ino=1230 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1268674977.283:54501): avc:  denied  { remove_name } for  pid=1953 comm="xauth" name="lxdm.auth-n" dev=sdb6 ino=1230 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:43:36 2010
type=SYSCALL msg=audit(1268675016.056:54503): arch=40000003 syscall=38 success=yes exit=0 a0=9424fa0 a1=804dca3 a2=b7f1a4 a3=b7702ab8 items=0 ppid=1951 pid=1958 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lxdm-greeter-gt" exe="/usr/bin/lxdm-greeter-gtk" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675016.056:54503): avc:  denied  { unlink } for  pid=1958 comm="lxdm-greeter-gt" name="lxdm.conf" dev=sdb2 ino=401837 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1268675016.056:54503): avc:  denied  { rename } for  pid=1958 comm="lxdm-greeter-gt" name="lxdm.conf.BKUM9U" dev=sdb2 ino=393910 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1268675016.056:54503): avc:  denied  { remove_name } for  pid=1958 comm="lxdm-greeter-gt" name="lxdm.conf.BKUM9U" dev=sdb2 ino=393910 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir
----
time->Mon Mar 15 12:43:36 2010
type=SYSCALL msg=audit(1268675016.046:54502): arch=40000003 syscall=5 success=yes exit=5 a0=91f9860 a1=80c2 a2=1b6 a3=23 items=0 ppid=1951 pid=1958 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lxdm-greeter-gt" exe="/usr/bin/lxdm-greeter-gtk" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675016.046:54502): avc:  denied  { write } for  pid=1958 comm="lxdm-greeter-gt" name="lxdm.conf.BKUM9U" dev=sdb2 ino=393910 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1268675016.046:54502): avc:  denied  { create } for  pid=1958 comm="lxdm-greeter-gt" name="lxdm.conf.BKUM9U" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1268675016.046:54502): avc:  denied  { add_name } for  pid=1958 comm="lxdm-greeter-gt" name="lxdm.conf.BKUM9U" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1268675016.046:54502): avc:  denied  { write } for  pid=1958 comm="lxdm-greeter-gt" name="lxdm" dev=sdb2 ino=396795 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=dir
----
time->Mon Mar 15 12:43:39 2010
type=SYSCALL msg=audit(1268675019.230:54508): arch=40000003 syscall=5 success=yes exit=6 a0=88c0880 a1=241 a2=1b6 a3=14d7c1 items=0 ppid=2065 pid=2369 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="ibus-daemon" exe="/usr/bin/ibus-daemon" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675019.230:54508): avc:  denied  { write } for  pid=2369 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" dev=sdb3 ino=395025 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gnome_home_t:s0 tclass=file
type=AVC msg=audit(1268675019.230:54508): avc:  denied  { create } for  pid=2369 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gnome_home_t:s0 tclass=file
type=AVC msg=audit(1268675019.230:54508): avc:  denied  { add_name } for  pid=2369 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gnome_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:43:38 2010
type=SYSCALL msg=audit(1268675018.286:54504): arch=40000003 syscall=5 success=yes exit=13 a0=a019148 a1=41 a2=1c0 a3=a019148 items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675018.286:54504): avc:  denied  { write } for  pid=2146 comm="gconfd-2" name=".testing.writeability" dev=sdb3 ino=97 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675018.286:54504): avc:  denied  { create } for  pid=2146 comm="gconfd-2" name=".testing.writeability" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675018.286:54504): avc:  denied  { add_name } for  pid=2146 comm="gconfd-2" name=".testing.writeability" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=AVC msg=audit(1268675018.286:54504): avc:  denied  { write } for  pid=2146 comm="gconfd-2" name=".gconf" dev=sdb3 ino=73730 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:43:38 2010
type=SYSCALL msg=audit(1268675018.306:54505): arch=40000003 syscall=10 success=yes exit=0 a0=a019148 a1=41 a2=1f81a4 a3=a019148 items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675018.306:54505): avc:  denied  { unlink } for  pid=2146 comm="gconfd-2" name=".testing.writeability" dev=sdb3 ino=97 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675018.306:54505): avc:  denied  { remove_name } for  pid=2146 comm="gconfd-2" name=".testing.writeability" dev=sdb3 ino=97 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:43:39 2010
type=SYSCALL msg=audit(1268675019.887:54509): arch=40000003 syscall=15 success=yes exit=0 a0=a1d5f68 a1=8180 a2=207218 a3=0 items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675019.887:54509): avc:  denied  { setattr } for  pid=2146 comm="gconfd-2" name="%gconf.xml.new" dev=sdb3 ino=262314 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:43:38 2010
type=SYSCALL msg=audit(1268675018.532:54506): arch=40000003 syscall=5 success=yes exit=14 a0=a015010 a1=441 a2=1b6 a3=8052ead items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675018.532:54506): avc:  denied  { append } for  pid=2146 comm="gconfd-2" name="saved_state" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:43:39 2010
type=SYSCALL msg=audit(1268675019.202:54507): arch=40000003 syscall=10 success=yes exit=0 a0=88c0880 a1=9e8390 a2=b7f1a4 a3=88c41c8 items=0 ppid=2065 pid=2369 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="ibus-daemon" exe="/usr/bin/ibus-daemon" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675019.202:54507): avc:  denied  { unlink } for  pid=2369 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" dev=sdb3 ino=395025 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gnome_home_t:s0 tclass=file
type=AVC msg=audit(1268675019.202:54507): avc:  denied  { remove_name } for  pid=2369 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" dev=sdb3 ino=395025 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gnome_home_t:s0 tclass=dir
type=AVC msg=audit(1268675019.202:54507): avc:  denied  { write } for  pid=2369 comm="ibus-daemon" name="bus" dev=sdb3 ino=407922 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gnome_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:43:39 2010
type=SYSCALL msg=audit(1268675019.887:54510): arch=40000003 syscall=38 success=yes exit=0 a0=a1d5f68 a1=a1d55e0 a2=207218 a3=0 items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675019.887:54510): avc:  denied  { unlink } for  pid=2146 comm="gconfd-2" name="%gconf.xml" dev=sdb3 ino=262172 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675019.887:54510): avc:  denied  { rename } for  pid=2146 comm="gconfd-2" name="%gconf.xml.new" dev=sdb3 ino=262314 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:43:39 2010
type=SYSCALL msg=audit(1268675019.906:54511): arch=40000003 syscall=192 success=yes exit=14614528 a0=0 a1=1000 a2=5 a3=1 items=0 ppid=2369 pid=2396 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675019.906:54511): avc:  denied  { execute } for  pid=2396 comm="python" path=2F746D702F666669724F7378546C202864656C6574656429 dev=tmpfs ino=15049289 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
----
time->Mon Mar 15 12:43:40 2010
type=SYSCALL msg=audit(1268675020.858:54512): arch=40000003 syscall=33 success=yes exit=0 a0=94fc128 a1=4 a2=42e1a8 a3=bff65f2d items=0 ppid=2369 pid=2396 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675020.858:54512): avc:  denied  { read } for  pid=2396 comm="python" name=".fonts.conf" dev=sdb3 ino=61 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_fonts_config_t:s0 tclass=file
----
time->Mon Mar 15 12:43:40 2010
type=SYSCALL msg=audit(1268675020.859:54513): arch=40000003 syscall=195 success=yes exit=0 a0=94fc128 a1=bff5f32c a2=9e6ff4 a3=3 items=0 ppid=2369 pid=2396 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675020.859:54513): avc:  denied  { getattr } for  pid=2396 comm="python" path="/home/dj/.fonts.conf" dev=sdb3 ino=61 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_fonts_config_t:s0 tclass=file
----
time->Mon Mar 15 12:43:40 2010
type=SYSCALL msg=audit(1268675020.859:54514): arch=40000003 syscall=5 success=yes exit=10 a0=94fc128 a1=0 a2=8e1c6d a3=bff602ac items=0 ppid=2369 pid=2396 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675020.859:54514): avc:  denied  { open } for  pid=2396 comm="python" name=".fonts.conf" dev=sdb3 ino=61 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_fonts_config_t:s0 tclass=file
----
time->Mon Mar 15 12:44:08 2010
type=SYSCALL msg=audit(1268675048.880:54516): arch=40000003 syscall=5 success=yes exit=14 a0=a01a570 a1=241 a2=1c0 a3=a01a570 items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675048.880:54516): avc:  denied  { add_name } for  pid=2146 comm="gconfd-2" name="saved_state.tmp" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=AVC msg=audit(1268675048.880:54516): avc:  denied  { write } for  pid=2146 comm="gconfd-2" name=".gconfd" dev=sdb3 ino=81921 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:44:08 2010
type=SYSCALL msg=audit(1268675048.883:54517): arch=40000003 syscall=38 success=yes exit=0 a0=a015dd8 a1=a1d6a80 a2=a1d6c20 a3=a01a570 items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675048.883:54517): avc:  denied  { rename } for  pid=2146 comm="gconfd-2" name="saved_state" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675048.883:54517): avc:  denied  { remove_name } for  pid=2146 comm="gconfd-2" name="saved_state" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:44:08 2010
type=SYSCALL msg=audit(1268675048.883:54518): arch=40000003 syscall=10 success=yes exit=0 a0=a1d6a80 a1=a015dd8 a2=1f81a4 a3=a01a570 items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675048.883:54518): avc:  denied  { unlink } for  pid=2146 comm="gconfd-2" name="saved_state.orig" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:44:08 2010
type=SYSCALL msg=audit(1268675048.879:54515): arch=40000003 syscall=5 success=yes exit=14 a0=a1d72e8 a1=441 a2=1b6 a3=8052ead items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675048.879:54515): avc:  denied  { append } for  pid=2146 comm="gconfd-2" name="saved_state" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:46:22 2010
type=SYSCALL msg=audit(1268675182.432:54526): arch=40000003 syscall=5 success=no exit=-13 a0=a1d5958 a1=241 a2=1c0 a3=a1d5958 items=0 ppid=1 pid=2146 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675182.432:54526): avc:  denied  { write } for  pid=2146 comm="gconfd-2" name=".gconfd" dev=sdb3 ino=81921 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:47:04 2010
type=SYSCALL msg=audit(1268675224.022:54530): arch=40000003 syscall=5 success=yes exit=3 a0=bfe1dacb a1=c1 a2=180 a3=a items=0 ppid=3286 pid=3288 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675224.022:54530): avc:  denied  { write open } for  pid=3288 comm="xauth" name="lxdm.auth-c" dev=sdb6 ino=1036 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1268675224.022:54530): avc:  denied  { create } for  pid=3288 comm="xauth" name="lxdm.auth-c" scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1268675224.022:54530): avc:  denied  { add_name } for  pid=3288 comm="xauth" name="lxdm.auth-c" scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1268675224.022:54530): avc:  denied  { write } for  pid=3288 comm="xauth" name="run" dev=sdb6 ino=16392 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:47:04 2010
type=SYSCALL msg=audit(1268675224.022:54531): arch=40000003 syscall=9 success=yes exit=0 a0=bfe1dacb a1=bfe1d6ca a2=d24bb8 a3=a items=0 ppid=3286 pid=3288 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675224.022:54531): avc:  denied  { link } for  pid=3288 comm="xauth" name="lxdm.auth-c" dev=sdb6 ino=1036 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
----
time->Mon Mar 15 12:47:03 2010
type=SYSCALL msg=audit(1268675223.989:54529): arch=40000003 syscall=11 success=yes exit=0 a0=9ada85 a1=bfd37744 a2=86c1340 a3=bfd37764 items=0 ppid=3286 pid=3288 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675223.989:54529): avc:  denied  { noatsecure } for  pid=3288 comm="sh" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675223.989:54529): avc:  denied  { siginh } for  pid=3288 comm="sh" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process
----
time->Mon Mar 15 12:47:04 2010
type=SYSCALL msg=audit(1268675224.023:54532): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfe1d93c a2=280ff4 a3=82a70f0 items=0 ppid=3286 pid=3288 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675224.023:54532): avc:  denied  { getattr } for  pid=3288 comm="xauth" path="/var/run/lxdm.auth-n" dev=sdb6 ino=1230 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
----
time->Mon Mar 15 12:47:04 2010
type=SYSCALL msg=audit(1268675224.023:54533): arch=40000003 syscall=10 success=yes exit=0 a0=bfe1db1c a1=bfe1db1c a2=0 a3=82a70d2 items=0 ppid=3286 pid=3288 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xauth" exe="/usr/bin/xauth" subj=system_u:system_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675224.023:54533): avc:  denied  { unlink } for  pid=3288 comm="xauth" name="lxdm.auth-n" dev=sdb6 ino=1230 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1268675224.023:54533): avc:  denied  { remove_name } for  pid=3288 comm="xauth" name="lxdm.auth-n" dev=sdb6 ino=1230 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Mon Mar 15 12:47:17 2010
type=SYSCALL msg=audit(1268675237.628:54535): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bfd3737c a2=9e6ff4 a3=86e2ff8 items=0 ppid=1 pid=3286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lxdm-binary" exe="/usr/bin/lxdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675237.628:54535): avc:  denied  { getattr } for  pid=3286 comm="lxdm-binary" path="/etc/shadow" dev=sdb2 ino=9615 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
----
time->Mon Mar 15 12:47:17 2010
type=SYSCALL msg=audit(1268675237.685:54536): arch=40000003 syscall=11 success=yes exit=0 a0=9363d50 a1=bfccb740 a2=9371450 a3=bfccb740 items=0 ppid=2079 pid=3298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udev-acl.ck" exe="/lib/udev/udev-acl" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675237.685:54536): avc:  denied  { noatsecure } for  pid=3298 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675237.685:54536): avc:  denied  { siginh } for  pid=3298 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675237.685:54536): avc:  denied  { rlimitinh } for  pid=3298 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
----
time->Mon Mar 15 12:47:17 2010
type=SYSCALL msg=audit(1268675237.794:54537): arch=40000003 syscall=11 success=yes exit=0 a0=82a44f0 a1=82a56c8 a2=82a2df8 a3=82a56c8 items=0 ppid=3299 pid=3304 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="restorecon" exe="/sbin/setfiles" subj=system_u:system_r:setfiles_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675237.794:54537): avc:  denied  { noatsecure } for  pid=3304 comm="restorecon" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675237.794:54537): avc:  denied  { siginh } for  pid=3304 comm="restorecon" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675237.794:54537): avc:  denied  { rlimitinh } for  pid=3304 comm="restorecon" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023 tclass=process
----
time->Mon Mar 15 12:47:17 2010
type=SYSCALL msg=audit(1268675237.957:54538): arch=40000003 syscall=11 success=yes exit=0 a0=804c710 a1=bff576fc a2=bff58ac4 a3=7 items=0 ppid=3313 pid=3314 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675237.957:54538): avc:  denied  { noatsecure } for  pid=3314 comm="dbus-daemon" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675237.957:54538): avc:  denied  { siginh } for  pid=3314 comm="dbus-daemon" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675237.957:54538): avc:  denied  { rlimitinh } for  pid=3314 comm="dbus-daemon" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675237.957:54538): avc:  denied  { write } for  pid=3314 comm="dbus-daemon" path="/home/dj/.xsession-errors" dev=sdb3 ino=75 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_home_t:s0 tclass=file
----
time->Mon Mar 15 12:47:18 2010
type=SYSCALL msg=audit(1268675238.335:54539): arch=40000003 syscall=11 success=yes exit=0 a0=10a1558 a1=10a0f00 a2=10a1510 a3=10a1928 items=0 ppid=3378 pid=3380 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="im-settings-dae" exe="/usr/libexec/im-settings-daemon" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675238.335:54539): avc:  denied  { noatsecure } for  pid=3380 comm="im-settings-dae" scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675238.335:54539): avc:  denied  { siginh } for  pid=3380 comm="im-settings-dae" scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675238.335:54539): avc:  denied  { rlimitinh } for  pid=3380 comm="im-settings-dae" scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
----
time->Mon Mar 15 12:47:17 2010
type=SYSCALL msg=audit(1268675237.628:54534): arch=40000003 syscall=5 success=yes exit=4 a0=1ad149 a1=80000 a2=1b6 a3=1ad0e5 items=0 ppid=1 pid=3286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lxdm-binary" exe="/usr/bin/lxdm-binary" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675237.628:54534): avc:  denied  { open } for  pid=3286 comm="lxdm-binary" name="shadow" dev=sdb2 ino=9615 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1268675237.628:54534): avc:  denied  { read } for  pid=3286 comm="lxdm-binary" name="shadow" dev=sdb2 ino=9615 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
----
time->Mon Mar 15 12:47:18 2010
type=SYSCALL msg=audit(1268675238.444:54540): arch=40000003 syscall=11 success=yes exit=0 a0=9ada85 a1=bfa7b0cc a2=bfa7c92c a3=3 items=0 ppid=3380 pid=3391 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675238.444:54540): avc:  denied  { noatsecure } for  pid=3391 comm="sh" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675238.444:54540): avc:  denied  { siginh } for  pid=3391 comm="sh" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process
----
time->Mon Mar 15 12:47:18 2010
type=SYSCALL msg=audit(1268675238.518:54541): arch=40000003 syscall=5 success=yes exit=3 a0=be5637 a1=8002 a2=0 a3=0 items=0 ppid=1 pid=3390 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gvfs-fuse-daemo" exe="/usr/libexec/gvfs-fuse-daemon" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675238.518:54541): avc:  denied  { open } for  pid=3390 comm="gvfs-fuse-daemo" name="fuse" dev=devtmpfs ino=9368 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fuse_device_t:s0 tclass=chr_file
type=AVC msg=audit(1268675238.518:54541): avc:  denied  { read write } for  pid=3390 comm="gvfs-fuse-daemo" name="fuse" dev=devtmpfs ino=9368 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fuse_device_t:s0 tclass=chr_file
----
time->Mon Mar 15 12:47:18 2010
type=SYSCALL msg=audit(1268675238.524:54542): arch=40000003 syscall=11 success=yes exit=0 a0=be55b9 a1=bfe19d24 a2=8e65e08 a3=bfe19d24 items=0 ppid=3390 pid=3395 auid=4294967295 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="fusermount" exe="/bin/fusermount" subj=system_u:system_r:mount_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675238.524:54542): avc:  denied  { noatsecure } for  pid=3395 comm="fusermount" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675238.524:54542): avc:  denied  { siginh } for  pid=3395 comm="fusermount" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675238.524:54542): avc:  denied  { rlimitinh } for  pid=3395 comm="fusermount" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1268675238.524:54542): avc:  denied  { read write } for  pid=3395 comm="fusermount" path="socket:[15053587]" dev=sockfs ino=15053587 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket
----
time->Mon Mar 15 12:47:18 2010
type=SYSCALL msg=audit(1268675238.657:54543): arch=40000003 syscall=5 success=yes exit=13 a0=8f8f148 a1=41 a2=1c0 a3=8f8f148 items=0 ppid=3396 pid=3397 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675238.657:54543): avc:  denied  { write } for  pid=3397 comm="gconfd-2" name=".testing.writeability" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675238.657:54543): avc:  denied  { create } for  pid=3397 comm="gconfd-2" name=".testing.writeability" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675238.657:54543): avc:  denied  { add_name } for  pid=3397 comm="gconfd-2" name=".testing.writeability" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
type=AVC msg=audit(1268675238.657:54543): avc:  denied  { write } for  pid=3397 comm="gconfd-2" name=".gconf" dev=sdb3 ino=73730 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:47:18 2010
type=SYSCALL msg=audit(1268675238.657:54544): arch=40000003 syscall=10 success=yes exit=0 a0=8f8f148 a1=41 a2=b7f1a4 a3=8f8f148 items=0 ppid=3396 pid=3397 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675238.657:54544): avc:  denied  { unlink } for  pid=3397 comm="gconfd-2" name=".testing.writeability" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675238.657:54544): avc:  denied  { remove_name } for  pid=3397 comm="gconfd-2" name=".testing.writeability" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:47:18 2010
type=SYSCALL msg=audit(1268675238.670:54545): arch=40000003 syscall=5 success=yes exit=14 a0=8f8e870 a1=441 a2=1b6 a3=8052ead items=0 ppid=3396 pid=3397 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675238.670:54545): avc:  denied  { append } for  pid=3397 comm="gconfd-2" name="saved_state" dev=sdb3 ino=97 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:47:19 2010
type=SYSCALL msg=audit(1268675239.611:54546): arch=40000003 syscall=10 success=yes exit=0 a0=8286880 a1=9e8390 a2=b7f1a4 a3=828a1c8 items=0 ppid=3380 pid=3634 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="ibus-daemon" exe="/usr/bin/ibus-daemon" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675239.611:54546): avc:  denied  { unlink } for  pid=3634 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" dev=sdb3 ino=395025 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gnome_home_t:s0 tclass=file
type=AVC msg=audit(1268675239.611:54546): avc:  denied  { remove_name } for  pid=3634 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" dev=sdb3 ino=395025 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gnome_home_t:s0 tclass=dir
type=AVC msg=audit(1268675239.611:54546): avc:  denied  { write } for  pid=3634 comm="ibus-daemon" name="bus" dev=sdb3 ino=407922 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gnome_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:47:19 2010
type=SYSCALL msg=audit(1268675239.612:54547): arch=40000003 syscall=5 success=yes exit=6 a0=8286880 a1=241 a2=1b6 a3=14d7c1 items=0 ppid=3380 pid=3634 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="ibus-daemon" exe="/usr/bin/ibus-daemon" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675239.612:54547): avc:  denied  { write } for  pid=3634 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" dev=sdb3 ino=395025 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gnome_home_t:s0 tclass=file
type=AVC msg=audit(1268675239.612:54547): avc:  denied  { create } for  pid=3634 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gnome_home_t:s0 tclass=file
type=AVC msg=audit(1268675239.612:54547): avc:  denied  { add_name } for  pid=3634 comm="ibus-daemon" name="71b882ba52e52c1376349c374aff3dfc-unix-0" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gnome_home_t:s0 tclass=dir
----
time->Mon Mar 15 12:47:19 2010
type=SYSCALL msg=audit(1268675239.727:54548): arch=40000003 syscall=192 success=yes exit=8577024 a0=0 a1=1000 a2=5 a3=1 items=0 ppid=3634 pid=3657 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675239.727:54548): avc:  denied  { execute } for  pid=3657 comm="python" path=2F746D702F6666694575616D705A202864656C6574656429 dev=tmpfs ino=15054147 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
----
time->Mon Mar 15 12:47:19 2010
type=SYSCALL msg=audit(1268675239.886:54549): arch=40000003 syscall=33 success=yes exit=0 a0=9345110 a1=4 a2=59f1a8 a3=bfe3cf2d items=0 ppid=3634 pid=3657 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675239.886:54549): avc:  denied  { read } for  pid=3657 comm="python" name=".fonts.conf" dev=sdb3 ino=61 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_fonts_config_t:s0 tclass=file
----
time->Mon Mar 15 12:47:19 2010
type=SYSCALL msg=audit(1268675239.886:54550): arch=40000003 syscall=195 success=yes exit=0 a0=9345110 a1=bfe3714c a2=9e6ff4 a3=3 items=0 ppid=3634 pid=3657 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675239.886:54550): avc:  denied  { getattr } for  pid=3657 comm="python" path="/home/dj/.fonts.conf" dev=sdb3 ino=61 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_fonts_config_t:s0 tclass=file
----
time->Mon Mar 15 12:47:19 2010
type=SYSCALL msg=audit(1268675239.887:54551): arch=40000003 syscall=5 success=yes exit=10 a0=9345110 a1=0 a2=8e1c6d a3=bfe380cc items=0 ppid=3634 pid=3657 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675239.887:54551): avc:  denied  { open } for  pid=3657 comm="python" name=".fonts.conf" dev=sdb3 ino=61 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_fonts_config_t:s0 tclass=file
----
time->Mon Mar 15 12:47:48 2010
type=SYSCALL msg=audit(1268675268.751:54553): arch=40000003 syscall=5 success=yes exit=14 a0=8f925d0 a1=241 a2=1c0 a3=8f925d0 items=0 ppid=1 pid=3397 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675268.751:54553): avc:  denied  { write } for  pid=3397 comm="gconfd-2" name="saved_state.tmp" dev=sdb3 ino=355 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
type=AVC msg=audit(1268675268.751:54553): avc:  denied  { create } for  pid=3397 comm="gconfd-2" name="saved_state.tmp" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:47:48 2010
type=SYSCALL msg=audit(1268675268.753:54554): arch=40000003 syscall=38 success=yes exit=0 a0=914cd50 a1=8f8b010 a2=91233b0 a3=8f925d0 items=0 ppid=1 pid=3397 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675268.753:54554): avc:  denied  { rename } for  pid=3397 comm="gconfd-2" name="saved_state" dev=sdb3 ino=97 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:47:48 2010
type=SYSCALL msg=audit(1268675268.754:54555): arch=40000003 syscall=10 success=yes exit=0 a0=8f8b010 a1=914cd50 a2=b7f1a4 a3=8f925d0 items=0 ppid=1 pid=3397 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675268.754:54555): avc:  denied  { unlink } for  pid=3397 comm="gconfd-2" name="saved_state.orig" dev=sdb3 ino=97 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:47:48 2010
type=SYSCALL msg=audit(1268675268.750:54552): arch=40000003 syscall=5 success=yes exit=14 a0=914cd50 a1=441 a2=1b6 a3=8052ead items=0 ppid=1 pid=3397 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675268.750:54552): avc:  denied  { append } for  pid=3397 comm="gconfd-2" name="saved_state" dev=sdb3 ino=97 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file
----
time->Mon Mar 15 12:48:19 2010
type=SYSCALL msg=audit(1268675299.723:54558): arch=40000003 syscall=5 success=no exit=-13 a0=8f8cca8 a1=41 a2=180 a3=91554e8 items=0 ppid=1 pid=3397 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1268675299.723:54558): avc:  denied  { write } for  pid=3397 comm="gconfd-2" name="interface" dev=sdb3 ino=294914 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir


##############################################################################
### file 2 of 2: mylxdm.te
##############################################################################

policy_module(mylxdm, 1.0)

require {
	type unconfined_t;
	type var_run_t;
	type gnome_home_t;
	type consolekit_t;
	type user_fonts_config_t;
	type xauth_t;
	type etc_t;
	type setfiles_t;
	type shadow_t;
	type udev_t;
	type xdm_home_t;
	type xdm_dbusd_t;
	type gconf_home_t;
	type fuse_device_t;
	type xdm_tmp_t;
	type xdm_t;
	type mount_t;
	class process { siginh noatsecure rlimitinh };
	class unix_stream_socket { read write };
	class chr_file { read write open };
	class dir { write remove_name add_name };
	class file { rename execute setattr read create write getattr link unlink open append };
}

#============= consolekit_t ==============
#!!!! This avc has a dontaudit rule in the current policy

allow consolekit_t udev_t:process { siginh noatsecure rlimitinh };

#============= mount_t ==============
#!!!! This avc has a dontaudit rule in the current policy

allow mount_t xdm_t:unix_stream_socket { read write };

#============= xauth_t ==============
#!!!! The source type 'xauth_t' can write to a 'dir' of the following types:
# user_home_t, xdm_var_run_t, tmp_t, admin_home_t, user_home_dir_t, nx_server_var_lib_t, xauth_tmp_t, user_tmp_t, var_lib_t, nfs_t

allow xauth_t var_run_t:dir { write remove_name add_name };
allow xauth_t var_run_t:file { create unlink link };
#!!!! This avc has a dontaudit rule in the current policy

allow xauth_t var_run_t:file { write getattr open };

#============= xdm_dbusd_t ==============
#!!!! This avc has a dontaudit rule in the current policy

allow xdm_dbusd_t xdm_home_t:file write;
#!!!! This avc has a dontaudit rule in the current policy

allow xdm_dbusd_t xdm_t:process { siginh noatsecure rlimitinh };

#============= xdm_t ==============
#!!!! The source type 'xdm_t' can write to a 'dir' of the following types:
# xdm_home_t, pam_var_console_t, pcscd_var_run_t, var_lock_t, xkb_var_lib_t, xdm_rw_etc_t, root_t, tmp_t, var_t, user_fonts_t, user_tmpfs_t, xdm_spool_t, fonts_cache_t, user_home_dir_t, locale_t, var_auth_t, tmpfs_t, var_spool_t, user_tmp_t, var_lib_t, var_run_t, auth_cache_t, xdm_tmp_t, xdm_tmpfs_t, xserver_log_t, var_log_t, xdm_log_t, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t, user_home_dir_t, root_t, user_home_t, nfs_t, polyparent

allow xdm_t etc_t:dir { write remove_name add_name };
allow xdm_t etc_t:file { rename write create unlink };
#!!!! This avc has a dontaudit rule in the current policy

allow xdm_t fuse_device_t:chr_file { read write open };
#!!!! The source type 'xdm_t' can write to a 'dir' of the following types:
# xdm_home_t, pam_var_console_t, pcscd_var_run_t, var_lock_t, xkb_var_lib_t, xdm_rw_etc_t, root_t, tmp_t, var_t, user_fonts_t, user_tmpfs_t, xdm_spool_t, fonts_cache_t, user_home_dir_t, locale_t, var_auth_t, tmpfs_t, var_spool_t, user_tmp_t, var_lib_t, var_run_t, auth_cache_t, xdm_tmp_t, xdm_tmpfs_t, xserver_log_t, var_log_t, xdm_log_t, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t, user_home_dir_t, root_t, user_home_t, nfs_t, polyparent

allow xdm_t gconf_home_t:dir { write remove_name add_name };
allow xdm_t gconf_home_t:file { rename write setattr create unlink append };
#!!!! The source type 'xdm_t' can write to a 'dir' of the following types:
# xdm_home_t, pam_var_console_t, pcscd_var_run_t, var_lock_t, xkb_var_lib_t, xdm_rw_etc_t, root_t, tmp_t, var_t, user_fonts_t, user_tmpfs_t, xdm_spool_t, fonts_cache_t, user_home_dir_t, locale_t, var_auth_t, tmpfs_t, var_spool_t, user_tmp_t, var_lib_t, var_run_t, auth_cache_t, xdm_tmp_t, xdm_tmpfs_t, xserver_log_t, var_log_t, xdm_log_t, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t, user_home_dir_t, root_t, user_home_t, nfs_t, polyparent

allow xdm_t gnome_home_t:dir { write remove_name add_name };
allow xdm_t gnome_home_t:file { write create unlink };
#!!!! This avc has a dontaudit rule in the current policy

allow xdm_t mount_t:process { siginh noatsecure rlimitinh };
#!!!! This avc has a dontaudit rule in the current policy

allow xdm_t setfiles_t:process { siginh noatsecure rlimitinh };
#!!!! This avc has a dontaudit rule in the current policy

allow xdm_t shadow_t:file { read getattr open };
#!!!! This avc has a dontaudit rule in the current policy

allow xdm_t unconfined_t:process { siginh noatsecure };
allow xdm_t user_fonts_config_t:file { read getattr open };
#!!!! This avc has a dontaudit rule in the current policy

allow xdm_t xdm_dbusd_t:process { siginh noatsecure rlimitinh };
allow xdm_t xdm_tmp_t:file execute;
Comment 1 Daniel Walsh 2010-03-15 14:14:27 EDT
This is all being caused because lxdm is not calling pam_selinux in its pam stack.
Comment 2 Christoph Wickert 2010-03-15 16:50:28 EDT
This is only true for the old version. The new version from updates-testing *does* call pam_selinux. I already posted the pam file in bug 572872. Please tell me what is wrong with it.
Comment 3 Daniel Walsh 2010-03-15 17:11:17 EDT
This bug report is not running
lxdm-0.1.1-0.1.20100303gite4f7b39.fc12
Comment 4 Christoph Wickert 2010-03-15 18:03:29 EDT
I know, but I am running lxdm-0.1.1-0.2.20100303gite4f7b39.fc12 and still get denials (see bug 573828). Please tell me if my pam file is ok or not (no matter if here or in bug 572872).
Comment 5 Daniel Walsh 2010-03-16 10:17:46 EDT
Lets combine into one bug.

*** This bug has been marked as a duplicate of bug 573828 ***

Note You need to log in before you can comment on or make changes to this bug.