FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 12-29-2009, 08:32 PM
"Göran Uddeborg"
 
Default AVC:s on xauth file when doing su

Whenever I do "su" in an xterm window, I get two AVC denials. The
command xauth is denied to read and write a file .xauthXXXXX where
XXXXX is some random string different each time. (I encose an example
below.)

I would bugzilla this, but I'm (as often) not quite sure if it's the
policy or if it's me. That is, if maybe this is not intended to be
allowed? Or if there there something else I might be missing? I
can't see any boolean I would connect to this.

So, is this a bug I should report, or is it intentional?

----
time->Tue Dec 29 21:32:48 2009
type=SYSCALL msg=audit(1262118768.835:41732): arch=c000003e syscall=21 success=no exit=-13 a0=7fff99bd14d5 a1=2 a2=0 a3=7fff99bcfd10 items=0 ppid=5506 pid=5511 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 ses=96 comm="xauth" exe="/usr/bin/xauth" subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1262118768.835:41732): avc: denied { write } for pid=5511 comm="xauth" name=".xauthbDy84s" dev=dm-0 ino=5341320 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_ubject_r:admin_home_t:s0 tclass=file
----
time->Tue Dec 29 21:32:48 2009
type=SYSCALL msg=audit(1262118768.836:41733): arch=c000003e syscall=2 success=no exit=-13 a0=7fff99bd14d5 a1=0 a2=1b6 a3=0 items=0 ppid=5506 pid=5511 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 ses=96 comm="xauth" exe="/usr/bin/xauth" subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1262118768.836:41733): avc: denied { read } for pid=5511 comm="xauth" name=".xauthbDy84s" dev=dm-0 ino=5341320 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_ubject_r:admin_home_t:s0 tclass=file

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 10:22 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org