Description of problem: SELinux is preventing /usr/libexec/uim-helper-server from 'create' accesses on the sock_file uim-helper. ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que uim-helper-server devrait être autorisé à accéder create sur uim-helper sock_file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep uim-helper-serv /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:xserver_log_t:s0 Target Objects uim-helper [ sock_file ] Source uim-helper-serv Source Path /usr/libexec/uim-helper-server Port <Unknown> Host (removed) Source RPM Packages uim-1.8.4-3.fc19.i686 Target RPM Packages Policy RPM selinux-policy-3.12.1-22.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.0-0.rc0.git3.1.fc19.i686.PAE #1 SMP Thu Feb 21 23:51:23 UTC 2013 i686 i686 Alert Count 20 First Seen 2013-03-14 22:13:14 CET Last Seen 2013-03-20 23:07:09 CET Local ID e551967b-6161-4a31-93b3-fb5d2a81ed1e Raw Audit Messages type=AVC msg=audit(1363817229.861:344): avc: denied { create } for pid=1345 comm="uim-helper-serv" name="uim-helper" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_log_t:s0 tclass=sock_file type=SYSCALL msg=audit(1363817229.861:344): arch=i386 syscall=socketcall success=no exit=EACCES a0=2 a1=bfe8aeb0 a2=2b a3=0 items=0 ppid=1 pid=1345 auid=4294967295 uid=996 gid=994 euid=996 suid=996 fsuid=996 egid=994 sgid=994 fsgid=994 ses=4294967295 tty=(none) comm=uim-helper-serv exe=/usr/libexec/uim-helper-server subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: uim-helper-serv,xdm_t,xserver_log_t,sock_file,create audit2allow #============= xdm_t ============== allow xdm_t xserver_log_t:sock_file create; audit2allow -R require { type xserver_log_t; type xdm_t; class sock_file create; } #============= xdm_t ============== allow xdm_t xserver_log_t:sock_file create; Additional info: hashmarkername: setroubleshoot kernel: 3.9.0-0.rc0.git3.1.fc19.i686.PAE type: libreport
Why is uim-helper creating a socket in a log directory?
mgrepl uim looks like it needs policy written for it.
uim creates a socket under $HOME/.uim.d/socket and apparently it was about to run on some display manager. Is there anything I can improve in uim for this issue?
No that is fine, and would actually work well for us if we needed to label it. Ray do you know anything about this?
*** Bug 949749 has been marked as a duplicate of this bug. ***
*** Bug 948289 has been marked as a duplicate of this bug. ***
nope, i don't even know what uim is
Some kind of translation tool for fancy keyboards, Uim is a multilingual input method library. Uim aims to provide secure and useful input methods for all languages. Currently, it can input to applications which support Gtk+'s immodule, Qt's immodule and XIM. This package provides the input method library, the XIM bridge and most of the input methods. For the Japanese input methods you need to install - uim-anthy for Anthy - uim-canna for Canna - uim-skk for SKK.
what's its relationship to ibus? It shouldn't be putting dot directories directly in user's $HOME (that's what $HOME/.local and $HOME/.config are for) and it shouldn't be putting socket files in $HOME at all (that's what /run/user/.../ is for)
uim-1.8.5-3.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/uim-1.8.5-3.fc19
uim-1.8.5-2.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/uim-1.8.5-2.fc18
uim-1.8.5-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/uim-1.8.5-2.fc17
Package uim-1.8.5-3.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing uim-1.8.5-3.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-5683/uim-1.8.5-3.fc19 then log in and leave karma (feedback).
uim-1.8.5-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
uim-1.8.5-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
uim-1.8.5-4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.