libreport version: 2.0.10 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.5.1-1.fc17.x86_64 time: Sat 18 Aug 2012 11:26:07 AM IST description: :SELinux is preventing /usr/libexec/gdm-session-worker from 'setattr' accesses on the file .xsession-errors. : :***** Plugin catchall_labels (83.8 confidence) suggests ******************** : :If you want to allow gdm-session-worker to have setattr access on the .xsession-errors file :Then you need to change the label on .xsession-errors :Do :# semanage fcontext -a -t FILE_TYPE '.xsession-errors' :where FILE_TYPE is one of the following: fonts_cache_t, xserver_log_t, faillog_t, lastlog_t, xdm_log_t, gnome_home_type, etc_runtime_t, xdm_tmp_t, pcscd_var_run_t, pam_var_run_t, xdm_var_lib_t, xdm_var_run_t, xkb_var_lib_t, xdm_rw_etc_t, gconf_home_t, user_tmpfs_type, xdm_home_t, xdm_lock_t, pam_var_console_t, cgroup_t, locale_t, var_auth_t, user_tmp_t, auth_home_t, xauth_home_t, auth_cache_t, user_fonts_t, xdm_tmpfs_t, xdm_spool_t, krb5_host_rcache_t. :Then execute: :restorecon -v '.xsession-errors' : : :***** Plugin catchall (17.1 confidence) suggests *************************** : :If you believe that gdm-session-worker should be allowed setattr access on the .xsession-errors file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep gdm-session-wor /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 :Target Context system_u:object_r:mnt_t:s0 :Target Objects .xsession-errors [ file ] :Source gdm-session-wor :Source Path /usr/libexec/gdm-session-worker :Port <Unknown> :Host (removed) :Source RPM Packages gdm-3.4.1-3.fc17.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-145.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.5.1-1.fc17.x86_64 #1 SMP Thu Aug : 9 17:50:43 UTC 2012 x86_64 x86_64 :Alert Count 3 :First Seen 2012-08-17 12:23:59 IST :Last Seen 2012-08-17 12:37:44 IST :Local ID b157acc1-bf26-44a9-ae19-83bfd92ba09a : :Raw Audit Messages :type=AVC msg=audit(1345187264.44:429): avc: denied { setattr } for pid=32277 comm="gdm-session-wor" name=".xsession-errors" dev="sda1" ino=913973 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mnt_t:s0 tclass=file : : :type=SYSCALL msg=audit(1345187264.44:429): arch=x86_64 syscall=fchmod success=yes exit=0 a0=e a1=180 a2=e a3=6f7272652d6e6f69 items=0 ppid=32223 pid=32277 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=23 comm=gdm-session-wor exe=/usr/libexec/gdm-session-worker subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) : :Hash: gdm-session-wor,xdm_t,mnt_t,file,setattr : :audit2allow : :#============= xdm_t ============== :allow xdm_t mnt_t:file setattr; : :audit2allow -R : :#============= xdm_t ============== :allow xdm_t mnt_t:file setattr; :
You will need to execute # restorecon -R -v /home to fix this issue.
Thanks for the info.. Thought to add though - this started happening upon creating a new user (standaRD). Every time the standard user logged in, selinux would show up this message on the admin user's account.
Ok, what is path to your home dirs?
Admin user(ipcv11) home dir: /home/ipcv11. Had created the standard user from "User Accounts" in "System Settings" (Gnome). So, the home dir created for standard user(ipcv2) was: /home/ipcv2.
And it was labeled mnt_t? This looks strange.