SELinux is preventing the ck-get-x11-serv from using potentially mislabeled files (<Unknown>).
Daniel J Walsh
dwalsh at redhat.com
Mon Nov 19 20:22:49 UTC 2007
Antonio Olivares wrote:
> Just as I sent out the other mail about the selinux denying X I have gotten this one, what should I do? Advice/comments/suggestions are welcome.
>
> Regards,
>
> Antonio
>
> Summary
> SELinux is preventing the ck-get-x11-serv from using potentially mislabeled
> files (<Unknown>).
>
> Detailed Description
> SELinux has denied ck-get-x11-serv access to potentially mislabeled file(s)
> (<Unknown>). This means that SELinux will not allow ck-get-x11-serv to use
> these files. It is common for users to edit files in their home directory
> or tmp directories and then move (mv) them to system directories. The
> problem is that the files end up with the wrong file context which confined
> applications are not allowed to access.
>
> Allowing Access
> If you want ck-get-x11-serv to access this files, you need to relabel them
> using restorecon -v <Unknown>. You might want to relabel the entire
> directory using restorecon -R -v <Unknown>.
>
> Additional Information
>
> Source Context system_u:system_r:consolekit_t
> Target Context system_u:object_r:user_home_t
> Target Objects None [ file ]
> Affected RPM Packages
> Policy RPM selinux-policy-3.0.8-44.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.home_tmp_bad_labels
> Host Name localhost
> Platform Linux localhost 2.6.24-0.38.rc2.git6.fc9 #1 SMP
> Fri Nov 16 17:20:39 EST 2007 i686 athlon
> Alert Count 5
> First Seen Sun 11 Nov 2007 09:40:02 AM CST
> Last Seen Mon 19 Nov 2007 07:25:44 AM CST
> Local ID fa84efec-ad7f-46d6-a356-d16d9235b774
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { read } for comm=ck-get-x11-serv dev=dm-0 name=.Xauthority pid=2874
> scontext=system_u:system_r:consolekit_t:s0 tclass=file
> tcontext=system_u:object_r:user_home_t:s0
This is strange, we worked to change startx to prevent this situation. I
will update policy to dontaudit this.