Problem with su -

David Quigley selinux at davequigley.com
Mon Mar 5 16:35:34 UTC 2012


On 03/05/2012 11:01, Bob Goodwin wrote:
> On 05/03/12 10:49, David Quigley wrote:
>> On 03/05/2012 10:21, Bob Goodwin wrote:
>>> On 05/03/12 09:39, Bob Goodwin wrote:
>>>>        I have an F-16 computer that was working normally a couple of
>>>>        days ago when run this morning has an unusual [to me] problem.
>>
>> Would you mind running sealert -l 90fc420a-dec9-47ce-afa5-6132c99ec61d
>> and posting the output here so we can see what the problem is?
>>
>
> [bobg at box9 ~]$ sealert -l 90fc420a-dec9-47ce-afa5-6132c99ec61d
> SELinux is preventing /usr/bin/xauth from write access on the None 
> /root.
>
> *****  Plugin catchall (100. confidence) suggests
> ***************************
>
> If you believe that xauth should be allowed write access on the root
> <Unknown> by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep xauth /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
>
> Additional Information:
> Source Context
> unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
> Target Context                unconfined_u:object_r:default_t:s0
> Target Objects                /root [ None ]
> Source                        xauth
> Source Path                   /usr/bin/xauth
> Port <Unknown>
> Host                          box9
> Source RPM Packages           xorg-x11-xauth-1.0.6-1.fc16.x86_64
> Target RPM Packages           filesystem-2.4.44-1.fc16.x86_64
> Policy RPM                    selinux-policy-3.10.0-75.fc16.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     box9
> Platform                      Linux box9 3.2.2-1.fc16.x86_64 #1 SMP
> Thu Jan 26
>                               03:21:58 UTC 2012 x86_64 x86_64
> Alert Count                   110
> First Seen                    Mon 05 Mar 2012 08:19:02 AM EST
> Last Seen                     Mon 05 Mar 2012 10:55:37 AM EST
> Local ID                      90fc420a-dec9-47ce-afa5-6132c99ec61d
>
> Raw Audit Messages
> type=AVC msg=audit(1330962937.294:98): avc:  denied  { write } for
> pid=1848 comm="xauth" name="root" dev=sda3 ino=1835009
> scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:default_t:s0 tclass=dirnode=box9
> type=SYSCALL msg=audit(1330962937.294:98): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffea7afea0 a1=c1 a2=180 a3=8 items=0
> ppid=1829 pid=1848 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts1 ses=1 comm="xauth" exe="/usr/bin/xauth"
> subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
>
>
> Hash: xauth,xauth_t,default_t,None,write
>
> audit2allow
>
>
> audit2allow -R

Replying again as I used the wrong email address to send from.


Ok so for some odd reason root's home directory isn't labeled properly. 
You can see this by typing ls -Z in / and seeing that /root is labeled 
default_t and then checking what it should be by typing matchpathcon 
/root. Did you have SELinux disabled at any point? If so you might want 
to relabel your entire system (touch /.autorelabel and reboot). If not 
just type restorecon -Rvv /root and it should fix up all of the labels 
properly.

Dave
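
Added example, not part of the original message or of any SELinux tool: a small shell triage that reads an AVC record and separates a labeling problem (target type default_t, as in this thread) from a denial that needs a policy review, so a mislabeled file is relabeled rather than allowed with audit2allow. The function names and the second sample record are assumptions made for illustration; treating unlabeled_t the same way goes slightly beyond the case in the thread.

```shell
#!/bin/sh
# Constructed sample: the AVC record quoted in this thread, joined onto one
# line and ending at tclass=dir.
SAMPLE_AVC='type=AVC msg=audit(1330962937.294:98): avc:  denied  { write } for pid=1848 comm="xauth" name="root" dev=sda3 ino=1835009 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir'

# Constructed sample: same denial, but the target carries a specific type.
SAMPLE_OK='type=AVC msg=audit(1330962937.294:99): avc:  denied  { write } for pid=1848 comm="xauth" name="root" dev=sda3 ino=1835009 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir'

# avc_field KEY RECORD: print the value of the first KEY=value token.
avc_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# ctx_type CONTEXT: print the type, the third field of user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# triage_avc RECORD: print "relabel" when the target type is one that files
# only carry when no specific file-context rule was applied to them
# (default_t is the catch-all type, unlabeled_t means no valid label);
# otherwise print "review-policy".
triage_avc() {
    ttype=$(ctx_type "$(avc_field tcontext "$1")")
    case "$ttype" in
        default_t|unlabeled_t) echo relabel ;;
        *) echo review-policy ;;
    esac
}

# summarize_avc RECORD: one-line summary for a report.
summarize_avc() {
    stype=$(ctx_type "$(avc_field scontext "$1")")
    ttype=$(ctx_type "$(avc_field tcontext "$1")")
    echo "$stype -> $ttype ($(avc_field tclass "$1")): $(triage_avc "$1")"
}

summarize_avc "$SAMPLE_AVC"
summarize_avc "$SAMPLE_OK"
```

A "relabel" result points at the check described in the reply above (compare ls -Z with matchpathcon for the path, then run restorecon) before any local policy module is considered.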


