Summary: SELinux is preventing /usr/libexec/gdm-session-worker "read write" access on /root. Detailed Description: SELinux denied access requested by gdm-session-wor. It is not expected that this access is required by gdm-session-wor and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:admin_home_t:s0 Target Objects /root [ dir ] Source gdm-session-wor Source Path /usr/libexec/gdm-session-worker Port <Unknown> Host (removed) Source RPM Packages gdm-2.29.92-6.fc13 Target RPM Packages filesystem-2.4.31-1.fc13 Policy RPM selinux-policy-3.7.15-4.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux nour1 2.6.33.3-85.fc13.i686.PAE #1 SMP Thu May 6 18:27:11 UTC 2010 i686 i686 Alert Count 3 First Seen Sat 15 May 2010 07:20:36 PM EEST Last Seen Sat 15 May 2010 07:31:37 PM EEST Local ID 3565bf01-023f-4598-85c2-99adbd18c7c2 Line Numbers Raw Audit Messages node=nour1 type=AVC msg=audit(1273941097.113:82): avc: denied { read write } for pid=5583 comm="gdm-session-wor" name="root" dev=dm-0 ino=1835023 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=nour1 type=SYSCALL msg=audit(1273941097.113:82): arch=40000003 syscall=33 success=no exit=-13 a0=9de78e0 a1=7 a2=5eb248 a3=9e435e0 items=0 ppid=5566 pid=5583 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,gdm-session-wor,xdm_t,admin_home_t,dir,read,write audit2allow suggests: #============= xdm_t ============== #!!!! The source type 'xdm_t' can write to a 'dir' of the following types: # xdm_home_t, pam_var_console_t, pcscd_var_run_t, xkb_var_lib_t, xdm_rw_etc_t, var_lock_t, root_t, tmp_t, var_t, user_fonts_t, user_tmpfs_t, user_home_dir_t, xdm_spool_t, fonts_cache_t, locale_t, var_auth_t, tmpfs_t, var_spool_t, user_tmp_t, auth_cache_t, xdm_tmpfs_t, var_lib_t, var_run_t, xdm_tmp_t, xserver_log_t, var_log_t, xdm_log_t, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t allow xdm_t admin_home_t:dir { read write };
*** This bug has been marked as a duplicate of bug 543970 ***