Dear fellow selinux experts and users,
I had problems updating a rawhide machine and I used xfce spin to get back in the saddle.
I encountered two denials and I post them here for guidance.
Thanks in Advance,
Antonio
Summary:
SELinux is preventing the ck-get-x11-serv from using potentially mislabeled
files (.Xauthority).
Detailed Description:
SELinux has denied ck-get-x11-serv access to potentially mislabeled file(s)
(.Xauthority). This means that SELinux will not allow ck-get-x11-serv to use
these files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.
Allowing Access:
If you want ck-get-x11-serv to access this files, you need to relabel them using
restorecon -v '.Xauthority'. You might want to relabel the entire directory
using restorecon -R -v ''.
Additional Information:
Source Context system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:admin_home_t:s0
Target Objects .Xauthority [ file ]
Source ck-get-x11-serv
Source Path /usr/libexec/ck-get-x11-server-pid
Port <Unknown>
Host (removed)
Source RPM Packages ConsoleKit-x11-0.3.1-2.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.26-8.fc12
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name home_tmp_bad_labels
Host Name (removed)
Platform Linux localhost.localdomain
2.6.31-0.125.rc5.git2.fc12.i686 #1 SMP Tue Aug 4
03:18:57 EDT 2009 i686 i686
Alert Count 1
First Seen Wed 12 Aug 2009 02:42:54 AM CDT
Last Seen Wed 12 Aug 2009 02:42:54 AM CDT
Local ID ffd20bb6-e1cf-466f-b51e-9de4c94b4991
Line Numbers
Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1250062974.438:22): avc: denied { read }
for pid=1325 comm="ck-get-x11-serv" name=".Xauthority" dev=dm-0
ino=78946 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
node=localhost.localdomain type=SYSCALL msg=audit(1250062974.438:22): arch=40000003
syscall=33 success=no exit=-13 a0=bffedfbc a1=4 a2=18ab18 a3=bffedfbc items=0 ppid=1324
pid=1325 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="ck-get-x11-serv"
exe="/usr/libexec/ck-get-x11-server-pid"
subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
Can't copy the wine and can't submit the above one to bugzilla. The wine one
looks serious as I try to run some windows programs that worked before without problems.
Will see how I can capture them?
Show replies by date