Summary: SELinux is preventing /usr/libexec/gdm-session-worker "read write" access on .xsession-errors. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by gdm-session-wor. It is not expected that this access is required by gdm-session-wor and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:home_root_t:s0 Target Objects .xsession-errors [ file ] Source gdm-session-wor Source Path /usr/libexec/gdm-session-worker Port <Unknown> Host (removed) Source RPM Packages gdm-2.28.2-3.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-113.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.32.12-114.fc12.x86_64 #1 SMP Tue Apr 27 20:54:06 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Mon 10 May 2010 01:11:10 PM CEST Last Seen Mon 10 May 2010 01:11:10 PM CEST Local ID c33282eb-ed11-400b-a5bc-9da3675c3832 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1273489870.762:51): avc: denied { read write } for pid=2559 comm="gdm-session-wor" name=".xsession-errors" dev=dm-3 ino=275 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1273489870.762:51): arch=c000003e syscall=21 success=yes exit=0 a0=1f5f4a0 a1=6 a2=20 a3=7fff9ce08a90 items=0 ppid=2536 pid=2559 auid=501 uid=501 gid=100 euid=501 suid=501 fsuid=501 egid=100 sgid=100 fsgid=100 tty=(none) ses=4 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,gdm-session-wor,xdm_t,home_root_t,file,read,write audit2allow suggests: #============= xdm_t ============== allow xdm_t home_root_t:file { read write };
Looks like you have a mislabeled users homedir. restorecon -R -v /home Should fix.