On Wednesday 29 September 2010 04:49:25 Kevin Kofler wrote:
Rex Dieter wrote:
Bug 590883 SELinux is preventing /usr/libexec/kde4/kdm_greet "write" access on /bin. - https://bugzilla.redhat.com/show_bug.cgi?id=590883
or anything even resembling that, is a blocker for us to release f14 and f13/kde-4.5.x updates.
turns out, try as I might, I am unable to reproduce any selinux alerts on my f13 + kde-4.5.x (from kde-testing) test box. I'm going to reboot into f14 here in a bit... but,
If anyone else can reliably reproduce any selinux alerts on an up-to-date f13/kde-4.5.x install or f14, please chime in here or in the aforementioned bug. Thank you.
It turns out that this is an issue with Qt 4.7, not KDE 4.5.
Hi, I doubt if it's a Qt 4.7 issue. My rawhide doesn't give the alerts, but Fc14 does (running as virtual machine, qemu-kvm)
* Rawhide: qt-4.7.0-4.fc15.x86_64 kdelibs-4.5.1-4.fc15.x86_64
* fc14: (Fedora fc14 RC3 liveCD + updates) qt-4.7.0-3.fc14.x86_64 kdelibs-4.5.1-3.fc14.x86_64
* fc14 dmesg: type=1400 audit(1285751102.664:17458): avc: denied { write } for pid=1390 comm="kdm_greet" name="startkde" dev=dm-0 ino=44558 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=1400 audit(1285751102.664:17458): avc: denied { write } for pid=1390 comm="kdm_greet" name="lnusertemp" dev=dm-0 ino=14261 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
Martin Kho
More details in the bug report and the linked upstream bug report I filed.
Kevin Kofler
kde mailing list kde@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
On 09/29/2010 04:36 AM, Martin Kho wrote:
I doubt if it's a Qt 4.7 issue. My rawhide doesn't give the alerts, but Fc14 does (running as virtual machine, qemu-kvm)
We're sure it is now. :) Kevin looked at the code.
I'd welcome any counter examples, of folks using qt-4.6.x who get similar alerts. (Which exmplains why I, using qt-4.6.3, couldn't reproduce this for the life of me).
-- Rex