gdm has problems with selinux or vice versa
Antonio Olivares
olivares14031 at yahoo.com
Tue Nov 13 00:12:39 UTC 2007
--- Antonio Olivares <olivares14031 at yahoo.com> wrote:
>
> --- Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Antonio Olivares wrote:
> > > Dear all,
> > >
> > > after updating and getting the INIT: error that
> I
> > had posted before, I can login by pressing enter
> and
> > get X, however, when starting up I am greeted by
> > setroubleshooter with some messages
> > >
> > > [olivares at localhost ~]$ cat /etc/fedora-release
> > > Fedora release 8.90 (Rawhide)
> > > [olivares at localhost ~]$ date
> > > Sun Nov 11 10:40:25 CST 2007
> > > [olivares at localhost ~]$
> > >
> > > I try to apply the fix suggested, but it does
> not
> > seem to be working :(
=== message truncated ===
./touch autorelabel
did not fix anything :( Still see these
Summary
SELinux is preventing gdm (xdm_t) "getattr" to
/bin/rpm (rpm_exec_t).
Detailed Description
SELinux denied access requested by gdm. It is not
expected that this access
is required by gdm and this access may signal an
intrusion attempt. It is
also possible that the specific version or
configuration of the application
is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux
denials. You could try to
restore the default system file context for
/bin/rpm, restorecon -v /bin/rpm
If this does not work, there is currently no
automatic way to allow this
access. Instead, you can generate a local policy
module to allow this
access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you
can disable SELinux protection altogether.
Disabling SELinux protection is
not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context
system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context
system_u:object_r:rpm_exec_t
Target Objects /bin/rpm [ file ]
Affected RPM Packages rpm-4.4.2.2-7.fc9
[target]
Policy RPM
selinux-policy-3.0.8-44.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name localhost
Platform Linux localhost
2.6.23.1-42.fc8 #1 SMP Tue Oct 30
13:55:12 EDT 2007 i686
athlon
Alert Count 4401
First Seen Sun 11 Nov 2007 09:11:06
AM CST
Last Seen Mon 12 Nov 2007 06:09:42
PM CST
Local ID
e1676a84-c6d0-45b8-97d7-c7cae2d755c1
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm=gdm dev=dm-0 egid=0
euid=0 exe=/bin/bash
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 path=/bin/rpm
pid=4958
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=0
tclass=file
tcontext=system_u:object_r:rpm_exec_t:s0 tty=(none)
uid=0
Thanks,
Antonio
____________________________________________________________________________________
Be a better pen pal.
Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/
More information about the test
mailing list