Bug 804624 - SELinux is preventing /usr/libexec/gdm-session-worker from 'create' accesses on the file .xsession-errors.XXZD49AW
Summary: SELinux is preventing /usr/libexec/gdm-session-worker from 'create' accesses ...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-03-19 13:12 UTC by Yogesh
Modified: 2018-11-26 17:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-21 13:16:39 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Yogesh 2012-03-19 13:12:14 UTC 
Description of problem:
SELinux is preventing /usr/libexec/gdm-session-worker from 'create' accesses on the file .xsession-errors.XXZD49AW

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 6 update 2
selinux-policy-3.7.19-126.el6_2.10

description:
:SELinux is preventing /usr/libexec/gdm-session-worker from 'create' accesses on the file .xsession-errors.XXZD49AW.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that gdm-session-worker should be allowed create access on the .xsession-errors.XXZD49AW file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep gdm-session-wor /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp


Additional Information:
:Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:admin_home_t:s0
:Target Objects                .xsession-errors.XXZD49AW [ file ]
:Source                        gdm-session-wor
:Source Path                   /usr/libexec/gdm-session-worker
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           gdm-2.30.4-32.el6
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.7.19-126.el6_2.10
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 2.6.32-220.7.1.el6.x86_64 #1 SMP
:                              Fri Feb 10 15:22:22 EST 2012 x86_64 x86_64
:Alert Count                   4
:First Seen                    Thu 15 Mar 2012 01:53:34 PM CDT
:Last Seen                     Thu 15 Mar 2012 01:54:34 PM CDT
:Local ID                      8c203062-67fd-4db4-884f-a03928c5fc81

Raw Audit Messages
:type=AVC msg=audit(1331837674.106:865): avc:  denied  { create } for  pid=5141 comm="gdm-session-wor" name=".xsession-errors.XXZD49AW" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1331837674.106:865): arch=x86_64 syscall=open success=no exit=EACCES a0=7e8ee0 a1=c2 a2=180 a3=20 items=0 ppid=5092 pid=5141 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=132 comm=gdm-session-wor exe=/usr/libexec/gdm-session-worker subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
:
:Hash: gdm-session-wor,xdm_t,admin_home_t,file,create
:
:audit2allow
:
:#============= xdm_t ==============
:allow xdm_t admin_home_t:file create;
:
:audit2allow -R
:
:#============= xdm_t ==============
:allow xdm_t admin_home_t:file create;
Comment 4 Miroslav Grepl 2012-03-19 15:43:18 UTC 
Did you try to log in as root?
Note You need to log in before you can comment on or make changes to this bug.