Problem with su -

Bob Goodwin bobgoodwin at wildblue.net
Mon Mar 5 16:01:03 UTC 2012 

On 05/03/12 10:49, David Quigley wrote:
> On 03/05/2012 10:21, Bob Goodwin wrote:
>> On 05/03/12 09:39, Bob Goodwin wrote:
>>>        I have an F-16 computer that was working normally a couple of
>>>        days ago when run this morning has an unusual [to me] problem.
>
> Would you mind running sealert -l 90fc420a-dec9-47ce-afa5-6132c99ec61d 
> and posting the output here so we can see what the problem is?
>

[bobg at box9 ~]$ sealert -l 90fc420a-dec9-47ce-afa5-6132c99ec61d
SELinux is preventing /usr/bin/xauth from write access on the None /root.

*****  Plugin catchall (100. confidence) suggests  
***************************

If you believe that xauth should be allowed write access on the root 
<Unknown> by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xauth /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


Additional Information:
Source Context                
unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:default_t:s0
Target Objects                /root [ None ]
Source                        xauth
Source Path                   /usr/bin/xauth
Port <Unknown>
Host                          box9
Source RPM Packages           xorg-x11-xauth-1.0.6-1.fc16.x86_64
Target RPM Packages           filesystem-2.4.44-1.fc16.x86_64
Policy RPM                    selinux-policy-3.10.0-75.fc16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     box9
Platform                      Linux box9 3.2.2-1.fc16.x86_64 #1 SMP Thu 
Jan 26
                               03:21:58 UTC 2012 x86_64 x86_64
Alert Count                   110
First Seen                    Mon 05 Mar 2012 08:19:02 AM EST
Last Seen                     Mon 05 Mar 2012 10:55:37 AM EST
Local ID                      90fc420a-dec9-47ce-afa5-6132c99ec61d

Raw Audit Messages
type=AVC msg=audit(1330962937.294:98): avc:  denied  { write } for  
pid=1848 comm="xauth" name="root" dev=sda3 ino=1835009 
scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 
tcontext=unconfined_u:object_r:default_t:s0 tclass=dirnode=box9 
type=SYSCALL msg=audit(1330962937.294:98): arch=c000003e syscall=2 
success=no exit=-13 a0=7fffea7afea0 a1=c1 a2=180 a3=8 items=0 ppid=1829 
pid=1848 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=pts1 ses=1 comm="xauth" exe="/usr/bin/xauth" 
subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)


Hash: xauth,xauth_t,default_t,None,write

audit2allow


audit2allow -R

More information about the users mailing list