Problem with su -
David Quigley
selinux at davequigley.com
Mon Mar 5 16:35:34 UTC 2012
On 03/05/2012 11:01, Bob Goodwin wrote:
> On 05/03/12 10:49, David Quigley wrote:
>> On 03/05/2012 10:21, Bob Goodwin wrote:
>>> On 05/03/12 09:39, Bob Goodwin wrote:
>>>> I have an F-16 computer that was working normally a couple of
>>>> days ago when run this morning has an unusual [to me] problem.
>>
>> Would you mind running sealert -l
>> 90fc420a-dec9-47ce-afa5-6132c99ec61d and posting the output here so we
>> can see what the problem is?
>>
>
> [bobg at box9 ~]$ sealert -l 90fc420a-dec9-47ce-afa5-6132c99ec61d
> SELinux is preventing /usr/bin/xauth from write access on the None
> /root.
>
> ***** Plugin catchall (100. confidence) suggests
> ***************************
>
> If you believe that xauth should be allowed write access on the root
> <Unknown> by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep xauth /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
>
> Additional Information:
> Source Context
> unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
> Target Context unconfined_u:object_r:default_t:s0
> Target Objects /root [ None ]
> Source xauth
> Source Path /usr/bin/xauth
> Port <Unknown>
> Host box9
> Source RPM Packages xorg-x11-xauth-1.0.6-1.fc16.x86_64
> Target RPM Packages filesystem-2.4.44-1.fc16.x86_64
> Policy RPM selinux-policy-3.10.0-75.fc16.noarch
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name box9
> Platform Linux box9 3.2.2-1.fc16.x86_64 #1 SMP
> Thu Jan 26
> 03:21:58 UTC 2012 x86_64 x86_64
> Alert Count 110
> First Seen Mon 05 Mar 2012 08:19:02 AM EST
> Last Seen Mon 05 Mar 2012 10:55:37 AM EST
> Local ID 90fc420a-dec9-47ce-afa5-6132c99ec61d
>
> Raw Audit Messages
> type=AVC msg=audit(1330962937.294:98): avc: denied { write } for
> pid=1848 comm="xauth" name="root" dev=sda3 ino=1835009
> scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:default_t:s0 tclass=dirnode=box9
> type=SYSCALL msg=audit(1330962937.294:98): arch=c000003e syscall=2
> success=no exit=-13 a0=7fffea7afea0 a1=c1 a2=180 a3=8 items=0
> ppid=1829 pid=1848 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts1 ses=1 comm="xauth" exe="/usr/bin/xauth"
> subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
>
>
> Hash: xauth,xauth_t,default_t,None,write
>
> audit2allow
>
>
> audit2allow -R

Replying again as I used the wrong email address to send from.

Ok so for some odd reason root's home directory isn't labeled properly.
You can see this by typing ls -Z in / and seeing that /root is labeled
default_t and then checking what it should be by typing matchpathcon
/root. Did you have SELinux disabled at any point? If so you might want
to relabel your entire system (touch /.autorelabel and reboot). If not
just type restorecon -Rvv /root and it should fix up all of the labels
properly.

Dave
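
The diagnosis in the reply above, as an added example that is not part of the original thread: a denial whose target type is default_t points at a mislabeled object, so the fix is a relabel rather than the audit2allow module that sealert suggests. The function names, the set of fallback types and the second log line are assumptions of this example; the first log line is modelled on the AVC record in the post, joined onto one line.

```python
import re

# Types a file gets when no file-context rule was applied to it. The set is a
# heuristic assumed for this example, not something sealert or the policy exports.
FALLBACK_TYPES = {"default_t", "unlabeled_t", "file_t"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\w+)'
)

def selinux_type(context):
    """Type field of user:role:type:level; the MLS level may itself contain ':'."""
    return context.split(":", 3)[2]

def triage(line):
    """Classify one audit.log line; returns None unless it is an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    target = selinux_type(m["tcontext"])
    return {
        "comm": m["comm"],
        "perms": m["perms"].split(),
        "source_type": selinux_type(m["scontext"]),
        "target_type": target,
        "tclass": m["tclass"],
        # A fallback target type means the object is mislabeled: fix the label,
        # do not write an allow rule against default_t.
        "verdict": "relabel" if target in FALLBACK_TYPES else "review-policy",
    }

# Constructed sample input: line 1 follows the record in the post, line 2 is an
# invented contrast case, line 3 is a non-AVC record that must be skipped.
SAMPLE = [
    'type=AVC msg=audit(1330962937.294:98): avc:  denied  { write } for  pid=1848 comm="xauth" name="root" dev=sda3 ino=1835009 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir',
    'type=AVC msg=audit(1330963000.000:99): avc:  denied  { read } for  pid=2000 comm="httpd" name="index.html" dev=sda3 ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1330962937.294:98): arch=c000003e syscall=2 success=no exit=-13',
]

if __name__ == "__main__":
    for line in SAMPLE:
        result = triage(line)
        if result:
            print(f'{result["comm"]}: {result["source_type"]} -> {result["target_type"]} '
                  f'{result["tclass"]} {result["perms"]}: {result["verdict"]}')
```

For a "relabel" verdict, compare ls -Z with matchpathcon on the affected path and run restorecon, as described in the reply.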