avc denied from screensaver
Daniel J Walsh
dwalsh at redhat.com
Mon Jul 12 17:19:18 UTC 2004
Richard Hally wrote:
> The messages below occurred while booting with the latest strict policy
> in enforcing mode. One of the things that is not working is the
> screensaver. The first message indicates that the problem with the
> screensaver may be related to context of files in /tmp created by xdm.
>
>
> Jul 10 03:13:22 new2 kernel: audit(1089443602.916:0): avc: denied {
> search } for pid=3288 exe=/usr/X11R6/bin/xscreensaver name=.X11-unix
> dev=hda2 ino=1840550 scontext=richard:staff_r:staff_screensaver_t
> tcontext=system_u:object_r:xdm_tmp_t tclass=dir
>
> The additional messages below may or may not be related.
>
> Jul 10 03:13:24 new2 kernel: audit(1089443604.337:0): avc: denied {
> create } for pid=3161 exe=/usr/bin/gnome-session
> scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
> tclass=netlink_route_socket
These should have been dontaudited. Are you running with enableaudit?
>
> the message above repeats 5 times then:
>
> Jul 10 03:13:30 new2 kernel: audit(1089443610.307:0): avc: denied {
> getattr }
> for pid=3390 exe=/usr/libexec/gnome-vfs-daemon path=/initrd dev=ram0
> ino=2 scontext=richard:staff_r:staff_t
> tcontext=system_u:object_r:file_t tclass=dir
> Jul 10 03:13:31 new2 kernel: audit(1089443611.639:0): avc: denied {
> getattr }
> for pid=3401 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2
> scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t
> tclass=dir
> Jul 10 03:13:31 new2 kernel: audit(1089443611.788:0): avc: denied {
> getattr }
> for pid=3402 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2
> scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t
> tclass=dir
> Jul 10 03:13:36 new2 kernel: audit(1089443616.055:0): avc: denied {
> create } for pid=3161 exe=/usr/bin/gnome-session
> scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
> tclass=netlink_route_socket
> Jul 10 03:15:09 new2 kernel: audit(1089443709.073:0): avc: denied {
> create } for pid=3161 exe=/usr/bin/gnome-session
> scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t
> tclass=netlink_route_socket
>
/initrd should have been umounted when the boot completes. We have
to figure out why it is not umounted. The rest are being caused because
of enableaudit I believe.
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list