AVC:s on xauth file when doing su

Dominick Grift domg472 at gmail.com
Sun Jan 3 17:48:41 UTC 2010


On Sun, Jan 03, 2010 at 06:19:05PM +0100, Göran Uddeborg wrote:
> Dominick Grift:
> > >     -rw-------  root root system_u:object_r:xauth_home_t:SystemLow .xauthrZ8z8F
> > This (above) is the entry I am most interested in. The file appears created by system_u (some system service). Could it be that we are missing a domain transition somewhere?
> 
> > This command, I think, returns potential problems:
> > sesearch --allow -t xauth_exec_t | grep execute_no_trans
> 
> That didn't find anything at all.  (And consequently, adding a grep
> for sudo at the end didn't show anything either.)

That is odd, these commands do return stuff on my f12 system(s)

> 
> > Do you have stuff running initrc_t? (ps auxZ | grep initrc_t)
> 
> There are (now) four such processes:
> 
>     system_u:system_r:initrc_t:SystemLow nobody 1899 0.0  0.0 105448  876 ?        Ss    2009   4:04 /bin/bash /usr/local/sbin/adslmon
>     system_u:system_r:initrc_t:SystemLow-SystemHigh root 2552 0.0  0.0 52088 1640 ? S    2009   0:05 /usr/libexec/polkit-1/polkitd

Looks like polkit runs in the wrong SELinux environment (do not know if this is at all related though):
That might signal that some files on your system may be mislabeled (I would suggest a file system relabel just for peace of mind).

[dgrift@localhost selinux-modules]$ ps auxZ | grep polkit-1
system_u:system_r:policykit_t:s0-s0:c0.c1023 root 1712 0.0  0.0 51524 3636 ?   S    12:58   0:00 /usr/libexec/polkit-1/polkitd

>     unconfined_u:system_r:initrc_t:SystemLow root 25981 0.0  0.0 39280 536 ?       Ss    2009   0:14 hostapd -B -ddK /etc/hostapd/hostapd.conf
>     system_u:system_r:initrc_t:SystemLow nobody 29310 0.0  0.0 104648 656 ?        S    18:12   0:00 sleep 10
> 
> adslmon is a script I use to monitor when my ADSL connection goes down
> and when it comes up again.  The sleep is called from that script.  I
> can't imagine it would be involved, but just in case you want to see
> it I put a copy at ftp://ftp.uddeborg.se/pub/adslmon
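
The initrc_t check discussed in this message, as an added example that is not part of the original post or either poster's code: it parses `ps auxZ` output and compares the type field of each label exactly, so the grep process itself and any command line that merely mentions initrc_t are not reported. The sample rows are copied from the thread except the last one, which is constructed; the names `Proc`, `parse_ps_auxz` and `procs_in_domain` are hypothetical.

```python
from typing import NamedTuple, Optional

class Proc(NamedTuple):
    se_user: str
    role: str
    type: str
    level: str       # MLS/MCS range; may itself contain ':' (s0-s0:c0.c1023)
    unix_user: str
    pid: int
    command: str

def parse_ps_auxz(line: str) -> Optional[Proc]:
    """Parse one `ps auxZ` row:
    LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND"""
    f = line.split(None, 11)
    if len(f) < 12 or not f[2].isdigit():
        return None                   # header row or truncated line
    ctx = f[0].split(":", 3)          # maxsplit keeps colons inside the level
    if len(ctx) < 3:
        return None                   # no user:role:type label on this row
    level = ctx[3] if len(ctx) == 4 else ""
    return Proc(ctx[0], ctx[1], ctx[2], level, f[1], int(f[2]), f[11].strip())

def procs_in_domain(lines, domain="initrc_t"):
    """Return processes whose label type equals `domain` exactly."""
    parsed = (parse_ps_auxz(l) for l in lines)
    return [p for p in parsed if p is not None and p.type == domain]

# Rows 1-5 are copied from the thread; row 6 is constructed to show what a
# plain substring grep would also match.
SAMPLE = """\
system_u:system_r:initrc_t:SystemLow nobody 1899 0.0  0.0 105448  876 ?        Ss    2009   4:04 /bin/bash /usr/local/sbin/adslmon
system_u:system_r:initrc_t:SystemLow-SystemHigh root 2552 0.0  0.0 52088 1640 ? S    2009   0:05 /usr/libexec/polkit-1/polkitd
unconfined_u:system_r:initrc_t:SystemLow root 25981 0.0  0.0 39280 536 ?       Ss    2009   0:14 hostapd -B -ddK /etc/hostapd/hostapd.conf
system_u:system_r:initrc_t:SystemLow nobody 29310 0.0  0.0 104648 656 ?        S    18:12   0:00 sleep 10
system_u:system_r:policykit_t:s0-s0:c0.c1023 root 1712 0.0  0.0 51524 3636 ?   S    12:58   0:00 /usr/libexec/polkit-1/polkitd
unconfined_u:unconfined_r:unconfined_t:s0 alice 3001 0.0  0.0 103300  840 pts/0    S+   12:59   0:00 grep initrc_t
""".splitlines()

if __name__ == "__main__":
    for p in procs_in_domain(SAMPLE):
        print(f"{p.pid:>6} {p.unix_user:<8} {p.se_user}:{p.role}:{p.type}  {p.command}")
```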