Bug 730185 - SELinux is preventing /usr/bin/xauth from 'read' accesses on the directory /etc/samba.
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 15
Hardware: i386
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:c5ae36049f3...
Depends On:
Blocks:
 
Reported: 2011-08-12 03:59 UTC by nextgeneration422
Modified: 2011-10-07 14:56 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-07 14:56:53 UTC



Description nextgeneration422 2011-08-12 03:59:06 UTC
SELinux is preventing /usr/bin/xauth from 'read' accesses on the directory /etc/samba.

*****  Plugin leaks (50.5 confidence) suggests  ******************************

If you want to ignore xauth trying to read access the samba directory, because you believe it should not need this access.
Then you should report this as a bug.  
You can generate a local policy module to dontaudit this access.
Do
# grep /usr/bin/xauth /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp

*****  Plugin catchall (50.5 confidence) suggests  ***************************

If you believe that xauth should be allowed read access on the samba directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xauth /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
Target Context                system_u:object_r:samba_etc_t:s0
Target Objects                /etc/samba [ dir ]
Source                        xauth
Source Path                   /usr/bin/xauth
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           xorg-x11-xauth-1.0.2-9.fc15
Target RPM Packages           samba-common-3.5.8-68.fc15.1
Policy RPM                    selinux-policy-3.9.16-35.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.40-4.fc15.i686.PAE #1 SMP
                              Fri Jul 29 18:47:58 UTC 2011 i686 i686
Alert Count                   24
First Seen                    Fri 12 Aug 2011 04:00:58 AM IST
Last Seen                     Fri 12 Aug 2011 09:23:07 AM IST
Local ID                      d0636f1f-c308-4c1f-890b-647b8edb13aa

Raw Audit Messages
type=AVC msg=audit(1313121187.522:169): avc:  denied  { read } for  pid=3528 comm="xauth" path="/etc/samba" dev=dm-2 ino=1836291 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_etc_t:s0 tclass=dir


type=SYSCALL msg=audit(1313121187.522:169): arch=i386 syscall=execve success=yes exit=0 a0=bffbebda a1=9c1cab0 a2=9bf6848 a3=9c1cab0 items=0 ppid=3506 pid=3528 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=8 comm=xauth exe=/usr/bin/xauth subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)

Hash: xauth,xauth_t,samba_etc_t,dir,read

audit2allow

#============= xauth_t ==============
allow xauth_t samba_etc_t:dir read;

audit2allow -R

#============= xauth_t ==============
allow xauth_t samba_etc_t:dir read;
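
Added example, not part of the original report or of setroubleshoot: a Python triage of the two raw audit records above. It pairs the AVC and SYSCALL records by audit event ID and treats a denial raised during `execve` on a path other than the executed binary as an inherited (leaked) descriptor, the case where a `dontaudit` rule like the one in the report's `leaks` suggestion fits better than an `allow`. The function names and that heuristic are assumptions of this example; the SYSCALL sample is shortened to the fields it uses.

```python
import re
from collections import defaultdict

# The two raw audit records from the report (SYSCALL shortened to the fields used).
SAMPLE = """\
type=AVC msg=audit(1313121187.522:169): avc:  denied  { read } for  pid=3528 comm="xauth" path="/etc/samba" dev=dm-2 ino=1836291 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_etc_t:s0 tclass=dir
type=SYSCALL msg=audit(1313121187.522:169): arch=i386 syscall=execve success=yes exit=0 ppid=3506 pid=3528 comm=xauth exe=/usr/bin/xauth
"""

HEAD = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
PERMS = re.compile(r"denied\s+\{\s*([^}]*?)\s*\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Parse one audit line into a dict; returns None for non-audit lines."""
    line = line.strip()
    head = HEAD.match(line)
    if not head:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
    rec["type"], rec["event"] = head.group(1), head.group(2)
    perms = PERMS.search(line)
    rec["perms"] = perms.group(1).split() if perms else []
    return rec


def triage(text):
    """Group records by audit event ID and classify each AVC denial."""
    events = defaultdict(dict)
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            events[rec["event"]][rec["type"]] = rec
    findings = []
    for event, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc:
            continue
        src = avc["scontext"].split(":")[2]  # source type, e.g. xauth_t
        tgt = avc["tcontext"].split(":")[2]  # target type, e.g. samba_etc_t
        access = f"{src} {tgt}:{avc['tclass']} {{ {' '.join(avc['perms'])} }};"
        # Heuristic (assumption of this example): a denial checked during execve on
        # a path that is not the new binary points at a descriptor inherited from
        # the parent process, not at something the program opened itself.
        inherited = sc.get("syscall") == "execve" and avc.get("path") not in (None, sc.get("exe"))
        rule = f"dontaudit {access}" if inherited else f"# review: allow {access}"
        findings.append({"event": event, "inherited_fd": inherited, "rule": rule})
    return findings
```

For the records in this report, `triage(SAMPLE)` yields one finding flagged as an inherited descriptor; the same AVC paired with an `open` syscall would be left for manual review instead of being turned into a rule.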

Comment 1 Daniel Walsh 2011-08-12 10:23:21 UTC
What were you doing when you saw this avc?

Comment 2 nextgeneration422 2011-08-12 19:22:45 UTC
(In reply to comment #1)
> What were you doing when you saw this avc?

Mr. Daniel, I am new to Linux and Bugzilla too, so at the time of sending the bug reports I could not send all the details, and I am very sorry for that.

Now I am sending all the details; read them minutely.


I sent the details so that it can be understood very clearly. The engineers of Red Hat/Fedora, or the developer of the software which is responsible for this bug, are requested to solve the problem as soon as possible. I am a new user of Linux (Fedora), so I did not know how to send a bug report or how to see a bug report.

After downloading Fedora 15 (http://torrent.fedoraproject.org/ -> Fedora 15 -> Fedora-15-i386-DVD.torrent), I installed the Fedora 15 DVD with the KDE, GNOME and Xfce desktops. I took the updates one by one, and during that time I got the first bug, but I cannot remember which particular software caused the first bug. In total I got 2 bugs. I got the 2nd bug at the time of the ClamAV auto-configure.

Due to these 2 bugs my system crashed. When I installed Fedora 15 on my desktop computer, to log in I was asked to enter a passphrase, and after the passphrase I had to enter the user (standard) password/user (admin) password/root password. I have 2 users, but after getting these 2 bugs I could see that I do not need to enter any password to log in to my desktop. After a shutdown, when I try to start my desktop computer, I need only the passphrase to log in, and I can see that the last user in the user list gets logged in automatically without any password.

After entering the last user's desktop, if I need to start another user's session I need to log out from this user and log in to the desktop as the other user, and at that time I can see that the particular password for the particular user is not working; I mean, sometimes if I enter the 1st user's password in the 1st user's field I get the 2nd user's desktop. So I think those bugs have destroyed my password system, so you are requested to please solve the problem fast because my system is behaving like mad. All are requested to read these paragraphs carefully to understand the problem clearly.

To understand this bug you have to see my first bug report, id=722747. In my 1st bug report, Mr. Daniel Walsh, you have written that you are working on it.


So, my first bug ID number is 722747 and my 2nd bug ID number is 730185.

Mr. Daniel and all the engineers of Fedora, please tell me what I should do now: reinstall Fedora 15, or wait for new updates?

Again I am saying sorry, because I sent the same bugs a number of times, since I did not know how to send bugs. I was a user of the Microsoft operating system, and there is no bug reporting system in Microsoft; everything is done automatically in Microsoft.

Comment 3 Daniel Walsh 2011-08-29 17:07:34 UTC
I don't think either of these bugs is related to you not being able to login.

