01-03-2010, 04:48 PM
Dominick Grift

AVC:s on xauth file when doing su

On Sun, Jan 03, 2010 at 06:19:05PM +0100, Göran Uddeborg wrote:
> Dominick Grift:
> > > -rw------- root root system_u:object_r:xauth_home_t:SystemLow .xauthrZ8z8F
> > This (above) is the entry I am most interested in. The file appears created by system_u (some system service). Could it be that we are missing a domain transition somewhere?
>
> > This command, I think, returns potential problems:
> > sesearch --allow -t xauth_exec_t | grep execute_no_trans
>
> That didn't find anything at all. (And consequently, adding a grep
> for sudo at the end didn't show anything either.)

That is odd, these commands do return stuff on my f12 system(s)

>
> > Do you have stuff running initrc_t? (ps auxZ | grep initrc_t)
>
> There are (now) four such processes:
>
> system_u:system_r:initrc_t:SystemLow nobody 1899 0.0 0.0 105448 876 ? Ss 2009 4:04 /bin/bash /usr/local/sbin/adslmon
> system_u:system_r:initrc_t:SystemLow-SystemHigh root 2552 0.0 0.0 52088 1640 ? S 2009 0:05 /usr/libexec/polkit-1/polkitd

Looks like polkit runs in the wrong SELinux environment (do not know if this is at all related though):
That might signal that some files on your system may be mislabeled (I would suggest a file system relabel just for peace of mind)

[dgrift@localhost selinux-modules]$ ps auxZ | grep polkit-1
system_u:system_r:policykit_t:s0-s0:c0.c1023 root 1712 0.0 0.0 51524 3636 ? S 12:58 0:00 /usr/libexec/polkit-1/polkitd

> unconfined_u:system_r:initrc_t:SystemLow root 25981 0.0 0.0 39280 536 ? Ss 2009 0:14 hostapd -B -ddK /etc/hostapd/hostapd.conf
> system_u:system_r:initrc_t:SystemLow nobody 29310 0.0 0.0 104648 656 ? S 18:12 0:00 sleep 10
>
> adslmon is a script I use to monitor when my ADSL connection goes down
> and when it comes up again. The sleep is called from that script. I
> can't imagine it would be involved, but just in case you want to see
> it I put a copy at ftp://ftp.uddeborg.se/pub/adslmon
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
01-03-2010, 08:00 PM
"Göran Uddeborg"

AVC:s on xauth file when doing su

Dominick Grift:
> That is odd, these commands do return stuff on my f12 system(s)

Odd indeed. Are we on the same policy? I have 3.6.32-63.fc12.

If you wish to compare, I've placed the output of "sesearch --allow -t
xauth_exec_t" in ftp://ftp.uddeborg.se/pub/sesearch


> Looks like polkit runs in the wrong SELinux environment

I ran restorecon on polkitd, and its type was indeed changed. I
restarted it, and it looks better now.

mimmi$ ps -ZC polkitd
LABEL PID TTY TIME CMD
system_u:system_r:policykit_t:SystemLow-SystemHigh 723 ? 00:00:00 polkitd

> (I would suggest a file system relabel just for peace of mind)

Probably a good idea. First, I'm running a "fixfiles check" on
everything now, to see if I can find anything that would explain the
behaviour. So far it has only found pretty unimportant things, like
files under ~/.gconf that had user_home_t rather than gconf_home_t.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
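
The `ps auxZ | grep initrc_t` check discussed in this thread, as an added example that is not part of either post: it compares the type field of each process context instead of grepping the whole line, so the grep process itself and MLS ranges containing extra colons do not confuse the result. The function names `sample_ps` and `procs_in_type` are hypothetical, and the sample input is constructed, modelled on the lines quoted above.

```shell
#!/bin/sh
# Added example: list processes whose SELinux *type* matches a given type,
# reading `ps auxZ`-style lines on stdin.

# Constructed sample input, modelled on the ps auxZ lines quoted in the thread.
# The last line is the grep process itself, which a plain grep would also match.
sample_ps() {
cat <<'EOF'
system_u:system_r:initrc_t:SystemLow nobody 1899 0.0 0.0 105448 876 ? Ss 2009 4:04 /bin/bash /usr/local/sbin/adslmon
system_u:system_r:initrc_t:SystemLow-SystemHigh root 2552 0.0 0.0 52088 1640 ? S 2009 0:05 /usr/libexec/polkit-1/polkitd
system_u:system_r:policykit_t:s0-s0:c0.c1023 root 1712 0.0 0.0 51524 3636 ? S 12:58 0:00 /usr/libexec/polkit-1/polkitd
unconfined_u:unconfined_r:unconfined_t:s0 me 4242 0.0 0.0 1000 500 pts/0 S+ 12:59 0:00 grep initrc_t
EOF
}

# procs_in_type [TYPE]: print "PID TYPE COMMAND" for each process whose
# context type equals TYPE (default: initrc_t).
procs_in_type() {
    awk -v want="${1:-initrc_t}" '
    {
        # A context is user:role:type[:level]. The level may itself contain
        # colons (s0-s0:c0.c1023), so only the third field is compared.
        n = split($1, ctx, ":")
        if (n < 3 || ctx[3] != want) next
        # In ps auxZ output the command starts at column 12.
        cmd = $12
        for (i = 13; i <= NF; i++) cmd = cmd " " $i
        print $3, ctx[3], cmd
    }'
}

# Run against the constructed sample: the two initrc_t processes are listed,
# the correctly transitioned polkitd and the grep process are not.
sample_ps | procs_in_type
```

On a live system the same function takes `ps auxZ | procs_in_type`. For a daemon that turns up in `initrc_t`, `restorecon -nv` on its executable reports a label mismatch without changing anything.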
 
