acv denied from screensaver

Richard Hally rhallyx at mindspring.com
Sat Jul 10 07:47:37 UTC 2004


The messages below occured while booting with the latest strict policy 
in enforcing mode. One of the things that  is not working is the 
screensaver. The first message indicates that the problem with the 
screensaver may be related to context of files in /tmp created by xdm.


Jul 10 03:13:22 new2 kernel: audit(1089443602.916:0): avc:  denied  { 
search } for  pid=3288 exe=/usr/X11R6/bin/xscreensaver name=.X11-unix 
dev=hda2 ino=1840550 scontext=richard:staff_r:staff_screensaver_t 
tcontext=system_u:object_r:xdm_tmp_t tclass=dir

The additional messages below may or may not be related.

Jul 10 03:13:24 new2 kernel: audit(1089443604.337:0): avc:  denied  { 
create } for  pid=3161 exe=/usr/bin/gnome-session 
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t 
tclass=netlink_route_socket

the message above repeates 5 times then:

Jul 10 03:13:30 new2 kernel: audit(1089443610.307:0): avc:  denied  { 
getattr }
for  pid=3390 exe=/usr/libexec/gnome-vfs-daemon path=/initrd dev=ram0 
ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t 
tclass=dir
Jul 10 03:13:31 new2 kernel: audit(1089443611.639:0): avc:  denied  { 
getattr }
for  pid=3401 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 
scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t 
tclass=dir
Jul 10 03:13:31 new2 kernel: audit(1089443611.788:0): avc:  denied  { 
getattr }
for  pid=3402 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 
scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t 
tclass=dir
Jul 10 03:13:36 new2 kernel: audit(1089443616.055:0): avc:  denied  { 
create } for  pid=3161 exe=/usr/bin/gnome-session 
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t 
tclass=netlink_route_socket
Jul 10 03:15:09 new2 kernel: audit(1089443709.073:0): avc:  denied  { 
create } for  pid=3161 exe=/usr/bin/gnome-session 
scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t 
tclass=netlink_route_socket




More information about the selinux mailing list