avc denied from screensaver

Daniel J Walsh dwalsh at redhat.com
Mon Jul 12 17:19:18 UTC 2004


Richard Hally wrote:

> The messages below occurred while booting with the latest strict policy 
> in enforcing mode. One of the things that is not working is the 
> screensaver. The first message indicates that the problem with the 
> screensaver may be related to the context of files in /tmp created by xdm.
>
>
> Jul 10 03:13:22 new2 kernel: audit(1089443602.916:0): avc:  denied  { 
> search } for  pid=3288 exe=/usr/X11R6/bin/xscreensaver name=.X11-unix 
> dev=hda2 ino=1840550 scontext=richard:staff_r:staff_screensaver_t 
> tcontext=system_u:object_r:xdm_tmp_t tclass=dir
>
> The additional messages below may or may not be related.
>
> Jul 10 03:13:24 new2 kernel: audit(1089443604.337:0): avc:  denied  { 
> create } for  pid=3161 exe=/usr/bin/gnome-session 
> scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t 
> tclass=netlink_route_socket

These should have been dontaudited.  Are you running with enableaudit?

>
> The message above repeats 5 times, then:
>
> Jul 10 03:13:30 new2 kernel: audit(1089443610.307:0): avc:  denied  { 
> getattr }
> for  pid=3390 exe=/usr/libexec/gnome-vfs-daemon path=/initrd dev=ram0 
> ino=2 scontext=richard:staff_r:staff_t 
> tcontext=system_u:object_r:file_t tclass=dir
> Jul 10 03:13:31 new2 kernel: audit(1089443611.639:0): avc:  denied  { 
> getattr }
> for  pid=3401 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 
> scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t 
> tclass=dir
> Jul 10 03:13:31 new2 kernel: audit(1089443611.788:0): avc:  denied  { 
> getattr }
> for  pid=3402 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 
> scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t 
> tclass=dir
> Jul 10 03:13:36 new2 kernel: audit(1089443616.055:0): avc:  denied  { 
> create } for  pid=3161 exe=/usr/bin/gnome-session 
> scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t 
> tclass=netlink_route_socket
> Jul 10 03:15:09 new2 kernel: audit(1089443709.073:0): avc:  denied  { 
> create } for  pid=3161 exe=/usr/bin/gnome-session 
> scontext=richard:staff_r:staff_t tcontext=richard:staff_r:staff_t 
> tclass=netlink_route_socket
>
/initrd should have been unmounted when the boot completes.  We have 
to figure out why it is not unmounted.  The rest are being caused because 
of enableaudit, I believe.
