Summary:

SELinux is preventing /usr/bin/xdm "write" access on /var/log/xdm.log.

Detailed Description:

SELinux denied access requested by xdm. It is not expected that this access is
required by xdm and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:var_log_t:s0
Target Objects                /var/log/xdm.log [ file ]
Source                        xdm
Source Path                   /usr/bin/xdm
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           xorg-x11-xdm-1.1.6-18.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-21.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.5-112.fc13.x86_64 #1 SMP Thu May 27 02:28:31 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Wed 09 Jun 2010 08:26:41 PM CEST
Last Seen                     Wed 09 Jun 2010 08:26:41 PM CEST
Local ID                      4ad63378-d71e-47a0-a215-800159dd1125
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1276108001.324:5): avc: denied { write } for pid=3452 comm="xdm" name="xdm.log" dev=dm-14 ino=35 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1276108001.324:5): arch=c000003e syscall=85 success=no exit=-13 a0=160f100 a1=1b6 a2=0 a3=ffffffff items=0 ppid=1 pid=3452 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xdm" exe="/usr/bin/xdm" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,xdm,xdm_t,var_log_t,file,write

audit2allow suggests:

#============= xdm_t ==============
allow xdm_t var_log_t:file write;

restorecon -R -v /var/log

Will fix. Somehow this got mislabeled. If it happens again or you know how it got mislabeled, please reopen the bug.