Bug 951966 - SELinux is preventing /usr/sbin/lightdm from create access on the file .dmrc.MWKGVW.
Summary: SELinux is preventing /usr/sbin/lightdm from create access on the file .dmrc....
Keywords:
Status: CLOSED DUPLICATE of bug 922958
Alias: None
Product: Fedora
Classification: Fedora
Component: lightdm
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Rex Dieter
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-04-14 21:26 UTC by John Reiser
Modified: 2013-04-15 02:29 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-04-15 02:29:00 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description John Reiser 2013-04-14 21:26:36 UTC 
Description of problem: When running Fedora 19 Alpha TC6 XFCE Live spin, then lightdm cannot access .dmrc.


Version-Release number of selected component (if applicable):
lightdm-1.5.2-2.fc19.i686


How reproducible: every time


Steps to Reproduce:
1. Boot Fedora 19 Alpha TC6 XFCE Live spin.
2. Look in syslog /var/log/messages.
3. Invoke sealert as indicated.
  
Actual results:
localhost setroubleshoot: SELinux is preventing /usr/sbin/lightdm from create access on the file .dmrc.MWKGVW. For complete SELinux messages. run sealert -l <<UUID>>

Expected results: no complaint


Additional info:$ sealert -l <<UUID>>
SELinux is preventing /usr/sbin/lightdm from create access on the file .dmrc.MWKGVW.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that lightdm should be allowed create access on the .dmrc.MWKGVW file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep lightdm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


could not open interface info [/var/lib/sepolgen/interface_info]
Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:user_home_t:s0
Target Objects                .dmrc.MWKGVW [ file ]
Source                        lightdm
Source Path                   /usr/sbin/lightdm
Port                          <Unknown>
Host                          localhost
Source RPM Packages           lightdm-1.5.2-2.fc19.i686
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-28.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost
Platform                      Linux localhost 3.9.0-0.rc6.git2.1.fc19.i686 #1
                              SMP Thu Apr 11 17:21:07 UTC 2013 i686 i686
Alert Count                   1
First Seen                    2013-04-14 17:13:53 EDT
Last Seen                     2013-04-14 17:13:53 EDT
Local ID                      964d23be-5de1-4933-aaaf-eb69281e3688

Raw Audit Messages
type=AVC msg=audit(1365974033.249:410): avc:  denied  { create } for  pid=1229 comm="lightdm" name=".dmrc.MWKGVW" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1365974033.249:410): arch=i386 syscall=open success=no exit=EACCES a0=9d9c648 a1=80c2 a2=1b6 a3=0 items=0 ppid=1 pid=1229 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 ses=4294967295 tty=(none) comm=lightdm exe=/usr/sbin/lightdm subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: lightdm,xdm_t,user_home_t,file,create

audit2allow

#============= xdm_t ==============
allow xdm_t user_home_t:file create;

audit2allow -R

$
Comment 1 Rex Dieter 2013-04-15 02:29:00 UTC 

*** This bug has been marked as a duplicate of bug 922958 ***
Note You need to log in before you can comment on or make changes to this bug.