Bug 655378 - SELinux is preventing /usr/bin/gnome-screensaver from executing /usr/share/tucan-0.3.9/tucan.py.
Status: CLOSED DUPLICATE of bug 647588
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 14
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Whiteboard: setroubleshoot_trace_hash:eed1a7eff77...
Reported: 2010-11-20 18:42 UTC by dannyel.olivares
Modified: 2010-12-19 11:58 UTC (History)
Last Closed: 2010-11-22 10:07:24 UTC

Description dannyel.olivares 2010-11-20 18:42:11 UTC
Resúmen:

SELinux is preventing /usr/bin/gnome-screensaver from executing
/usr/share/tucan-0.3.9/tucan.py.

Descripción Detallada:

SELinux has denied the gnome-screensav from executing
/usr/share/tucan-0.3.9/tucan.py. If gnome-screensav is supposed to be able to
execute /usr/share/tucan-0.3.9/tucan.py, this could be a labeling problem. Most
confined domains are allowed to execute files labeled bin_t. So you could change
the labeling on this file to bin_t and retry the application. If this
gnome-screensav is not supposed to execute /usr/share/tucan-0.3.9/tucan.py, this
could signal an intrusion attempt.

Permitiendo Acceso:

If you want to allow gnome-screensav to execute /usr/share/tucan-0.3.9/tucan.py:
chcon -t bin_t '/usr/share/tucan-0.3.9/tucan.py' If this fix works, please
update the file context on disk, with the following command: semanage fcontext
-a -t bin_t '/usr/share/tucan-0.3.9/tucan.py' Please specify the full path to
the executable, Please file a bug report to make sure this becomes the default
labeling.

Información Adicional:

Contexto Fuente               system_u:system_r:xdm_t:s0-s0:c0.c1023
Contexto Destino              system_u:object_r:usr_t:s0
Objetos Destino               /usr/share/tucan-0.3.9/tucan.py [ file ]
Fuente                        gnome-screensav
Dirección de Fuente           /usr/bin/gnome-screensaver
Puerto                        <Desconocido>
Nombre de Equipo              (eliminado)
Paquetes RPM Fuentes          gnome-screensaver-2.30.2-2.fc14
Paquetes RPM Destinos         tucan-0.3.9-0.4.alpha.fc14
RPM de Políticas              selinux-policy-3.9.7-10.fc14
SELinux Activado              True
Tipo de Política              targeted
Modo Obediente                Enforcing
Nombre de Plugin              execute
Nombre de Equipo              (eliminado)
Plataforma                    Linux (eliminado) 2.6.35.6-48.fc14.i686 #1 SMP Fri
                              Oct 22 15:34:36 UTC 2010 i686 i686
Cantidad de Alertas           1
Visto por Primera Vez         mié 17 nov 2010 19:30:34 CLST
Visto por Última Vez          mié 17 nov 2010 19:30:34 CLST
ID Local                      a7a57369-90f3-4b4d-b1f4-92703d31be46
Números de Línea              

Mensajes de Auditoría Crudos  

node=(eliminado) type=AVC msg=audit(1290033034.198:9): avc:  denied  { execute } for  pid=1600 comm="gnome-screensav" name="tucan.py" dev=dm-0 ino=527289 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file

node=(eliminado) type=SYSCALL msg=audit(1290033034.198:9): arch=40000003 syscall=33 success=no exit=-13 a0=83521a4 a1=1 a2=a9427c a3=8 items=0 ppid=1 pid=1600 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="gnome-screensav" exe="/usr/bin/gnome-screensaver" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  execute,gnome-screensav,xdm_t,usr_t,file,execute
audit2allow suggests:

#============= xdm_t ==============
allow xdm_t usr_t:file execute;

Comment 1 Miroslav Grepl 2010-11-22 10:07:24 UTC

*** This bug has been marked as a duplicate of bug 647588 ***

