[Bug 508922] Review Request: system-config-selinux - GUI Code for system-config-selinux, polgen, and lockdown

bugzilla at redhat.com bugzilla at redhat.com
Sun Nov 22 12:25:21 UTC 2009


--- Comment #25 from David Timms <dtimms at iinet.net.au>  2009-11-22 07:24:58 EDT ---
There is a possibility that the above error is caused by something going wrong
with nautilus (dbus error), yet:

I also got an selinux notification (note "system-config-s" not the full name):

SELinux is preventing /usr/bin/python "getsched" access.

Detailed Description:

SELinux denied access requested by system-config-s. It is not expected that
access is required by system-config-s and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug

Additional Information:

Source Context                system_u:system_r:semanage_t:s0-s0:c0.c1023
Target Context                system_u:system_r:semanage_t:s0-s0:c0.c1023
Target Objects                None [ process ]
Source                        system-config-s
Source Path                   /usr/bin/python
Port                          <Unknown>
Host                          davidtdesktop
Source RPM Packages           python-2.6.2-2.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-46.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     davidtdesktop
Platform                      Linux davidtdesktop #1
                              SMP Sat Nov 7 21:25:57 EST 2009 i686 athlon
Alert Count                   4
First Seen                    Sun 22 Nov 2009 10:56:40 PM EST
Last Seen                     Sun 22 Nov 2009 11:09:30 PM EST
Local ID                      796a9ac4-bdba-4327-baca-49f471fda2c6
Line Numbers                  

Raw Audit Messages            

node=davidtdesktop type=AVC msg=audit(1258891770.762:1341): avc:  denied  {
getsched } for  pid=13802 comm="system-config-s"
tcontext=system_u:system_r:semanage_t:s0-s0:c0.c1023 tclass=process

node=davidtdesktop type=SYSCALL msg=audit(1258891770.762:1341): arch=40000003
syscall=157 success=no exit=-13 a0=35ea a1=ffffffc8 a2=6feff4 a3=b77576c0
items=0 ppid=13801 pid=13802 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-config-s"
exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0-s0:c0.c1023

SELinux Policy Generation Tool: starts up, but is delayed by maybe 5 seconds,
giving me the impression that it isn't going to work, or that something has
gone wrong.
Actually, the delay until any form of GUI appears is: time selinux-polgengui

real 0m11.499s
user 0m10.022s
sys 0m0.064s

My preference would be for the GUI to appear immediately on the screen, but
then show some sort of progress bar to indicate that it needs to do something
(what) before it is ready for user input. It's especially helpful if there
are say 500 records to read, that the bar progresses appropriately (please
don't implement Knight Rider ~progress bars).

The alternate is to call that function that makes an item appear in the task
bar during the app start...

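An added triage example, not part of the original comment or of system-config-selinux: it pairs the AVC and SYSCALL records quoted above by their shared audit event ID and decodes the fields a reviewer needs before deciding whether a local policy module is warranted. The lookup tables and function names are assumptions made for this illustration and cover only this event.

```python
import re
from collections import defaultdict

# The two records from the comment above, with the e-mail line wrapping undone.
RECORDS = [
    'node=davidtdesktop type=AVC msg=audit(1258891770.762:1341): avc:  denied  { getsched } for  pid=13802 comm="system-config-s" tcontext=system_u:system_r:semanage_t:s0-s0:c0.c1023 tclass=process',
    'node=davidtdesktop type=SYSCALL msg=audit(1258891770.762:1341): arch=40000003 syscall=157 success=no exit=-13 a0=35ea a1=ffffffc8 a2=6feff4 a3=b77576c0 items=0 ppid=13801 pid=13802 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-config-s" exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0-s0:c0.c1023',
]

# Minimal lookup tables (assumption: only the values this event needs).
SYSCALLS = {("40000003", 157): "sched_getscheduler"}  # 40000003 = AUDIT_ARCH_I386
ERRNO = {13: "EACCES"}

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")

def parse(line):
    """Return (event id, field dict) for one audit record."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    m = PERMS.search(line)
    if m:
        fields["perms"] = m.group(1).split()
    return EVENT_ID.search(line).group(1), fields

def triage(lines):
    """Group records by event ID and summarise each AVC denial."""
    events = defaultdict(dict)
    for line in lines:
        event_id, fields = parse(line)
        events[event_id][fields["type"]] = fields
    out = []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc:
            continue
        # The AVC record as quoted has no scontext; the SYSCALL subj supplies it.
        source = avc.get("scontext") or sc.get("subj", "")
        src_type = source.split(":")[2] if source else "?"
        target = "self" if source == avc["tcontext"] else avc["tcontext"].split(":")[2]
        out.append({
            "event": event_id,
            "syscall": SYSCALLS.get((sc.get("arch"), int(sc.get("syscall", -1))), "unknown"),
            "errno": ERRNO.get(-int(sc.get("exit", 0)), "unknown"),
            # a0 is hexadecimal; for this syscall it is the pid being queried.
            "on_own_pid": int(sc.get("a0", "0"), 16) == int(sc.get("pid", -1)),
            "candidate_rule": f"allow {src_type} {target}:{avc['tclass']} {{ {' '.join(avc['perms'])} }};",
        })
    return out

if __name__ == "__main__":
    print(triage(RECORDS))
```

Here a0=35ea is 13802 in decimal, the pid of the denied process itself, so the denial is the tool querying its own scheduling policy; the candidate rule is what a reviewer would weigh, not something to load unexamined.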