selinux June 2007

selinux@lists.fedoraproject.org

50 participants
63 discussions

Fedora 7 Alsa avc
by Bob Kashani 01 Jun '07

01 Jun '07

I'm getting this avc on F7 but audio seems to be working fine. But I thought that I would report it anyway. Relevant avc: Jun 1 12:48:17 chaucer kernel: audit(1180727286.622:6): avc: denied { search } for pid=1076 comm="salsa" name="root" dev =sda2 ino=940065 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir

1 0

Some enhancements for pam_namespace
by Tomas Mraz 01 Jun '07

01 Jun '07

I've implemented some enhancements for pam_namespace which can be used for temporary logons. These enhancements were proposed by Dan Walsh. Please review if you're interested. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241226 https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=155825 -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb

1 0

gnome-settings-daemon fails in strict policy at version 2301
by NZzi 01 Jun '07

01 Jun '07

i check out policy from svn at version 2301, and build at FC7 Rawhide. after switching from target to strict, i can not make my gnome-settings-daemon work well: ### the detail contexts is in thread: http://marc.info/?l=selinux&m=118050940823692&w=2 ### i login as normal user through X window, but i got another errors: "Fails to execute program: /usr/libexec/gnome-settings-daemon" corresponding avc were: type=AVC msg=audit(1180319582.421:32): avc: denied { execute } for pid=1855 comm="dbus-daemon" name="gnome-settings-daemon" dev=sda1 ino=215756 scontext=user_u:user_r:user_dbusd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file type=AVC msg=audit(1180319582.421:32): avc: denied { execute_no_trans } for pid=1855 comm="dbus-daemon" name="gnome-settings-daemon" dev=sda1 ino=215756 scontext=user_u:user_r:user_dbusd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file i add two template call in dbus_per_role_template() to remove these tow errors: corecmd_exec_bin($1_dbusd_t) additionally, there are still another erros about gnome-settings-daemon: type=AVC msg=audit(1180319581.037:31): avc: denied { search } for pid=1844 comm="dbus-daemon" name="yangshao" dev=sda1 ino=1407785 scontext=user_u:user_r:user_dbusd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir i user a interface to remove this denied error: userdom_search_user_home_dirs($1,$1_dbusd_t) (also in dbus_per_role_template()) after re-make and reboot, i got another errors: "... /usr/libexec/gnome-settings-daemon received singal 6..." it seemed that gnome-settings-daemon received SIGABRT signal, and i found an avc denied messages: type=AVC msg=audit(1180493663.406:31): avc: denied { getsched } for pid=1856 comm="gnome-settings-" scontext=user_u:user_r:user_dbusd_t:s0 tcontext=user_u:user_r:user_dbusd_t:s0 tclass=process so i permit getsched of user_dbusd_t to try to fix this "signal 6" errors: allow $1_dbusd_t self:process { getattr sigkill signal getsched }; but after adding this, gnome-settings-daemon exit with status 1 after rebooting, and some avc denied messages came out: type=AVC msg=audit(1180494884.832:87): avc: denied { search } for pid=2112 comm="gnome-settings-" name=".X11-unix" dev=sda1 ino=327976 scontext=user_u:user_r:user_dbusd_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir type=AVC msg=audit(1180494884.840:88): avc: denied { create } for pid=2112 comm="gnome-settings-" scontext=user_u:user_r:user_dbusd_t:s0 tcontext=user_u:user_r:user_dbusd_t:s0 tclass=netlink_route_socket type=AVC msg=audit(1180494884.840:89): avc: denied { name_connect } for pid=2112 comm="gnome-settings-" dest=6000 scontext=user_u:user_r:user_dbusd_t:s0 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket i wonder are these errors caused by my modification, and how to make the gnome-settings-daemon work??? thanks in advance

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux June 2007