Summary: SELinux is preventing /usr/libexec/lxdm-greeter-gtk "read" access on lxdm.auth. Detailed Description: SELinux denied access requested by lxdm-greeter-gt. It is not expected that this access is required by lxdm-greeter-gt and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_run_t:s0 Target Objects lxdm.auth [ file ] Source lxdm-greeter-gt Source Path /usr/libexec/lxdm-greeter-gtk Port <Unknown> Host (removed) Source RPM Packages lxdm-0.2.0-4.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-21.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux localhost.localdomain 2.6.33.3-85.fc13.i686 #1 SMP Thu May 6 18:44:12 UTC 2010 i686 i686 Alert Count 1 First Seen Sat 05 Jun 2010 08:23:52 PM CEST Last Seen Sat 05 Jun 2010 08:23:52 PM CEST Local ID 90271d3e-79a5-4d2f-9327-49475a7985a3 Line Numbers Raw Audit Messages node=localhost.localdomain type=AVC msg=audit(1275762232.373:25): avc: denied { read } for pid=10787 comm="lxdm-greeter-gt" name="lxdm.auth" dev=dm-0 ino=24650 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file node=localhost.localdomain type=SYSCALL msg=audit(1275762232.373:25): arch=40000003 syscall=33 success=no exit=-13 a0=bff5cfc6 a1=4 a2=218bb8 a3=bff5cfc6 items=0 ppid=1402 pid=10787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="lxdm-greeter-gt" exe="/usr/libexec/lxdm-greeter-gtk" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,lxdm-greeter-gt,xdm_t,var_run_t,file,read audit2allow suggests: #============= xdm_t ============== allow xdm_t var_run_t:file read;
Execute: restorecon -R -v /var/run Should fix. Reopen if this happens again.
Miroslav, # restorecon -R -v /var/run does not work for me on F-13 LXDE, the same SELinux msg. re-appears.
ee (?) I didn't double post...
yum -y reinstall selinux-policy-targeted And see if anything goes wrong.
Thanks Daniel, SELinux message is gone.