Description of problem:
When I try to connect through ssh -X I see the message
    /home/vascom/.Xauthority not writable, changes will be ignored
and can't run any GUI program. I found that changing permissions does not help, but disabling SELinux (enforce 0) solves the problem. I can't find any SELinux warnings in /var/log/audit/audit.log or /var/log/audit/messages.log
Version-Release number of selected component (if applicable):
    libselinux-python-2.1.6-4.fc16.x86_64
    libselinux-utils-2.1.6-4.fc16.x86_64
    selinux-policy-targeted-3.10.0-56.fc16.noarch
    libselinux-devel-2.1.6-4.fc16.x86_64
    selinux-policy-3.10.0-56.fc16.noarch
    libselinux-2.1.6-4.fc16.x86_64
How reproducible: Always
Steps to Reproduce: ssh -X to Fedora 16
Please correct this problem.
If you execute
    # restorecon -R -v /home/vascom/.Xauthority
does it fix the issue?
No, it does not fix the problem.
Ok, could you execute on the server
    # setenforce 0
    # semodule -DB
try to ssh -X to this server
    # ausearch -m avc -ts recent > ssh_selinux.log
    # semodule -B
And attach this log please. Also could you add outputs of
    # ls -Z /home/vascom/.Xauthority
    # matchpathcon /home/vascom/.Xauthority
Created attachment 570350: Selinux log
    ls -Z /home/vascom/.Xauthority
    -rw-------. vascom vascom system_u:object_r:xdm_home_t:s0 /home/vascom/.Xauthority
    matchpathcon /home/vascom/.Xauthority
    /home/vascom/.Xauthority unconfined_u:object_r:xauth_home_t:s0
Miroslav, did we backport all of the file trans rules from F17 into F16?
    sesearch -T -s xdm_t -t user_home_dir_t | grep Xauth
    WARNING: Policy would be downgraded from version 27 to 26.
    type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauth";
    type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauthority-c";
    type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauthority-l";
    type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauthority";
    type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauthority-c";
    type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauthority-l";
are missing.
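An added example, not part of the bug report or of the SELinux tools: a Python check that parses `sesearch -T` output in the format quoted above and lists which `.Xauthority*` named file transitions to `xauth_home_t` are absent. The sample output, the function names and the rule carrying `xdm_home_t` are constructed for illustration.

```python
import re

# One named file transition as printed by `sesearch -T`, e.g.
#   type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauthority";
RULE_RE = re.compile(
    r'type_transition\s+(?P<source>\S+)\s+(?P<target>\S+)\s*:\s*(?P<cls>\S+)\s+'
    r'(?P<default>\S+)\s+"(?P<name>[^"]+)"\s*;'
)

# File names listed for xauth_home_t in the sesearch output quoted in the thread.
EXPECTED_NAMES = (".Xauth", ".Xauthority", ".Xauthority-c", ".Xauthority-l")

# Constructed sample: a policy that lacks the "-l" rule and whose "-c" rule
# (constructed) assigns the wrong default type.
SAMPLE_INCOMPLETE = '''WARNING: Policy would be downgraded from version 27 to 26.
type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauth";
type_transition xdm_t user_home_dir_t : file xauth_home_t ".Xauthority";
type_transition xdm_t user_home_dir_t : file xdm_home_t ".Xauthority-c";
'''


def parse_named_transitions(sesearch_output):
    """Return a set of (source, target, class, default_type, filename) tuples."""
    return {
        (m["source"], m["target"], m["cls"], m["default"], m["name"])
        for m in RULE_RE.finditer(sesearch_output)
    }


def missing_transitions(sesearch_output, source="xdm_t",
                        target="user_home_dir_t", default="xauth_home_t",
                        expected=EXPECTED_NAMES):
    """List expected file names with no matching rule for the given types."""
    present = {
        name
        for (s, t, cls, d, name) in parse_named_transitions(sesearch_output)
        if (s, t, cls, d) == (source, target, "file", default)
    }
    # A rule that names the file but assigns another type still counts as missing.
    return [name for name in expected if name not in present]


if __name__ == "__main__":
    for name in missing_transitions(SAMPLE_INCOMPLETE):
        print("no xdm_t -> xauth_home_t transition for", name)
```

On a real system, feed it the text produced by the `sesearch -T -s xdm_t -t user_home_dir_t` command shown in the thread.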
selinux-policy-3.10.0-84.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-84.fc16
selinux-policy-3.10.0-84.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.