I was not able to get VirtualGL and selinux to work together.
It is something during boot time it seems.* I have tried generating
rules based on audit/audit.log.
The VirtualGL web http://www.virtualgl.org/Documentation/RHEL6
states they don't know how to make it work either.
I have tried in permissive mode after boot and that did not work
either,
which is why I think it is something during boot time.* Like the
device
setup. My guess is related to: /dev/dri as it sets up these and then
access to the /dev/nvidia0 and /dev/nvidiactl are restricted to
vglusers
group (in my case it can be configured with/without group
restriction).
From VirtualGL website they also have:
vglgenkey
Issues
Currently, the
only known way to make*vglgenkey*work
(vglgenkey*is
used to grant 3D X Server access to members of the*vglusers*group) is to disable
SELinux. With SELinux enabled, the*/usr/bin/xauth*file is hidden within
the context of the GDM startup scripts, so*vglgenkey*has no way of generating
or importing an xauth key to*/etc/opt/VirtualGL/vgl_xauth_key*(and, for that matter,
access is denied to*/etc/opt/VirtualGL*as well.)
Perhaps
someone with a greater knowledge of SELinux can explain how to
disable enforcement only for GDM and not the whole system.
I
had reinstalled that previous machine and don't
have the other rules I applied.
I repeated this on another machine, and did not run any
audit2allow.
Also there are 2 problems:
*** 1. Boot time problem with the VirtualGL which seems to
generate a
******* avc message.* (Fails if the machine is not booted in
permissive or
******* disabled mode)
*** 2. A problem with xauth when setenforce is enforcing.
********** (This works if setenforce is permissive or disabled
regardless
************ of the boot time settings).
The machine policy is set to targeted.
Attached is the longer data with strace.** The xauth does not
seem
to generate any audit.log messages even with semodule -DB, but
if
I turn selinux to permissive the xauth commands succeed.
To clarify:
*** - It works if the system is booted with /etc/selinux/config
********* SELINUX=permissive
******* or
********** SELINUX=disable
*** - It fails if the system is booted with /etc/selinux/config
********** SELINUX=enforcing
****** * Even if after the boot 'setenforce 0' is run
********* - My
I do get avc message, note this is running in permissive mode.
[root@amelie mdalton]# grep -i avc /var/log/audit/audit.log
type=USER_AVC msg=audit(1331199802.711:70545): user pid=4970
uid=28 auid=0 ses=3756 subj=system_u:system_r:nscd_t:s0
msg='avc:* received policyload notice (seqno=4) : exe="?"
sauid=28 hostname=? addr=? terminal=?'
[root@amelie mdalton]# ls -Z /dev/dri /dev/nvidia*
ls: cannot access /dev/dri: No such file or directory
crw-rw----. root vglusers system_u
bject_r:device_t:s0***
/dev/nvidia0
crw-rw----. root vglusers system_u
bject_r:device_t:s0***
/dev/nvidiactl
Mark
I did not see any messages in the /var/log/audit/audit.log when running xauth
even with semodule -DB.
[root@mymachine ~]# ls -Z /home/myuser/.Xauthority
-rw-------. myuser cses unconfined_u
bject_r:xauth_home_t:s0 /home/myuser/.Xauthority
[root@mymachine ~]# semodule -DB
[root@mymachine ~]# strace xauth -f /etc/opt/VirtualGL/vgl_xauth_key generate :0.0 . trusted timeout 0
execve("/usr/bin/xauth", ["xauth", "-f", "/etc/opt/VirtualGL/vgl_xauth_key", "generate", ":0.0", ".", "trusted", "timeout", "0"], [/* 33 vars */]) = 0
brk(0) = 0x1a40000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd82000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=161072, ...}) = 0
mmap(NULL, 161072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f696bd5a000
close(3) = 0
open("/usr/lib64/libXau.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���320
`3747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=13168, ...}) = 0
mmap(0x37fc600000, 2106112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc600000
mprotect(0x37fc602000, 2097152, PROT_NONE) = 0
mmap(0x37fc802000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fc802000
close(3) = 0
open("/usr/lib64/libXext.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���20052403747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76848, ...}) = 0
mmap(0x37fca00000, 2170120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fca00000
mprotect(0x37fca11000, 2097152, PROT_NONE) = 0
mmap(0x37fcc11000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x37fcc11000
close(3) = 0
open("/usr/lib64/libXmuu.so.1", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���36022 3727���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=16400, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd59000
mmap(0x37fa200000, 2109200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fa200000
mprotect(0x37fa203000, 2093056, PROT_NONE) = 0
mmap(0x37fa402000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa402000
close(3) = 0
open("/usr/lib64/libX11.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���2003353413737���".. ., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1308600, ...}) = 0
mmap(0x37fbe00000, 3403160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fbe00000
mprotect(0x37fbf39000, 2097152, PROT_NONE) = 0
mmap(0x37fc139000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139000) = 0x37fc139000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "177ELF2113��������3�>�1���360355a3717���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1908792, ...}) = 0
mmap(0x37f9600000, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9600000
mprotect(0x37f9786000, 2097152, PROT_NONE) = 0
mmap(0x37f9986000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x37f9986000
mmap(0x37f998b000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37f998b000
close(3) = 0
open("/usr/lib64/libxcb.so.1", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���P206 3747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112760, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd58000
mmap(0x37fc200000, 2205608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc200000
mprotect(0x37fc21b000, 2093056, PROT_NONE) = 0
mmap(0x37fc41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x37fc41a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���340
3403717���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x37f9e00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9e00000
mprotect(0x37f9e02000, 2097152, PROT_NONE) = 0
mmap(0x37fa002000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa002000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd57000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd56000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd55000
arch_prctl(ARCH_SET_FS, 0x7f696bd56700) = 0
mprotect(0x37f9986000, 16384, PROT_READ) = 0
mprotect(0x37fa002000, 4096, PROT_READ) = 0
mprotect(0x37f941f000, 4096, PROT_READ) = 0
munmap(0x7f696bd5a000, 161072) = 0
rt_sigaction(SIGINT, {0x403f40, [INT], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x403f40, [TERM], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x403f40, [HUP], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x403f40, [PIPE], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
stat("/etc/opt/VirtualGL/vgl_xauth_key-c", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
write(2, "xauth: error in locking authori"..., 73xauth: error in locking authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 73
exit_group(1) = ?
[root@mymachine ~]# rm /etc/opt/VirtualGL/vgl_xauth_key-c
rm: remove regular empty file `/etc/opt/VirtualGL/vgl_xauth_key-c'? y
[root@mymachine ~]# strace xauth -vvv -f /etc/opt/VirtualGL/vgl_xauth_key generate :0.0 . trusted timeout 0
execve("/usr/bin/xauth", ["xauth", "-vvv", "-f", "/etc/opt/VirtualGL/vgl_xauth_key", "generate", ":0.0", ".", "trusted", "timeout", "0"], [/* 33 vars */]) = 0
brk(0) = 0x12cc000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13dc000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=161072, ...}) = 0
mmap(NULL, 161072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f80b13b4000
close(3) = 0
open("/usr/lib64/libXau.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���320
`3747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=13168, ...}) = 0
mmap(0x37fc600000, 2106112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc600000
mprotect(0x37fc602000, 2097152, PROT_NONE) = 0
mmap(0x37fc802000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fc802000
close(3) = 0
open("/usr/lib64/libXext.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���20052403747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76848, ...}) = 0
mmap(0x37fca00000, 2170120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fca00000
mprotect(0x37fca11000, 2097152, PROT_NONE) = 0
mmap(0x37fcc11000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x37fcc11000
close(3) = 0
open("/usr/lib64/libXmuu.so.1", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���36022 3727���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=16400, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13b3000
mmap(0x37fa200000, 2109200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fa200000
mprotect(0x37fa203000, 2093056, PROT_NONE) = 0
mmap(0x37fa402000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa402000
close(3) = 0
open("/usr/lib64/libX11.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���2003353413737���".. ., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1308600, ...}) = 0
mmap(0x37fbe00000, 3403160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fbe00000
mprotect(0x37fbf39000, 2097152, PROT_NONE) = 0
mmap(0x37fc139000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139000) = 0x37fc139000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "177ELF2113��������3�>�1���360355a3717���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1908792, ...}) = 0
mmap(0x37f9600000, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9600000
mprotect(0x37f9786000, 2097152, PROT_NONE) = 0
mmap(0x37f9986000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x37f9986000
mmap(0x37f998b000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37f998b000
close(3) = 0
open("/usr/lib64/libxcb.so.1", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���P206 3747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112760, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13b2000
mmap(0x37fc200000, 2205608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc200000
mprotect(0x37fc21b000, 2093056, PROT_NONE) = 0
mmap(0x37fc41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x37fc41a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���340
3403717���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x37f9e00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9e00000
mprotect(0x37f9e02000, 2097152, PROT_NONE) = 0
mmap(0x37fa002000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa002000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13b1000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13b0000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13af000
arch_prctl(ARCH_SET_FS, 0x7f80b13b0700) = 0
mprotect(0x37f9986000, 16384, PROT_READ) = 0
mprotect(0x37fa002000, 4096, PROT_READ) = 0
mprotect(0x37f941f000, 4096, PROT_READ) = 0
munmap(0x7f80b13b4000, 161072) = 0
rt_sigaction(SIGINT, {0x403f40, [INT], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x403f40, [TERM], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x403f40, [HUP], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x403f40, [PIPE], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
stat("/etc/opt/VirtualGL/vgl_xauth_key-c", 0x7fff3f1050a0) = -1 ENOENT (No such file or directory)
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
write(2, "xauth: timeout in locking autho"..., 75xauth: timeout in locking authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 75
exit_group(1) = ?
[root@mymachine ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@mymachine ~]# setenforce permissive
[root@mymachine ~]# strace xauth -vvv -f /etc/opt/VirtualGL/vgl_xauth_key generate :0.0 . trusted timeout 0
execve("/usr/bin/xauth", ["xauth", "-vvv", "-f", "/etc/opt/VirtualGL/vgl_xauth_key", "generate", ":0.0", ".", "trusted", "timeout", "0"], [/* 33 vars */]) = 0
brk(0) = 0x1fc1000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9067658000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=161072, ...}) = 0
mmap(NULL, 161072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9067630000
close(3) = 0
open("/usr/lib64/libXau.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���320
`3747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=13168, ...}) = 0
mmap(0x37fc600000, 2106112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc600000
mprotect(0x37fc602000, 2097152, PROT_NONE) = 0
mmap(0x37fc802000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fc802000
close(3) = 0
open("/usr/lib64/libXext.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���20052403747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76848, ...}) = 0
mmap(0x37fca00000, 2170120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fca00000
mprotect(0x37fca11000, 2097152, PROT_NONE) = 0
mmap(0x37fcc11000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x37fcc11000
close(3) = 0
open("/usr/lib64/libXmuu.so.1", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���36022 3727���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=16400, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762f000
mmap(0x37fa200000, 2109200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fa200000
mprotect(0x37fa203000, 2093056, PROT_NONE) = 0
mmap(0x37fa402000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa402000
close(3) = 0
open("/usr/lib64/libX11.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���2003353413737���".. ., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1308600, ...}) = 0
mmap(0x37fbe00000, 3403160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fbe00000
mprotect(0x37fbf39000, 2097152, PROT_NONE) = 0
mmap(0x37fc139000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139000) = 0x37fc139000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "177ELF2113��������3�>�1���360355a3717���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1908792, ...}) = 0
mmap(0x37f9600000, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9600000
mprotect(0x37f9786000, 2097152, PROT_NONE) = 0
mmap(0x37f9986000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x37f9986000
mmap(0x37f998b000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37f998b000
close(3) = 0
open("/usr/lib64/libxcb.so.1", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���P206 3747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112760, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762e000
mmap(0x37fc200000, 2205608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc200000
mprotect(0x37fc21b000, 2093056, PROT_NONE) = 0
mmap(0x37fc41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x37fc41a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���340
3403717���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x37f9e00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9e00000
mprotect(0x37f9e02000, 2097152, PROT_NONE) = 0
mmap(0x37fa002000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa002000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762d000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762b000
arch_prctl(ARCH_SET_FS, 0x7f906762c700) = 0
mprotect(0x37f9986000, 16384, PROT_READ) = 0
mprotect(0x37fa002000, 4096, PROT_READ) = 0
mprotect(0x37f941f000, 4096, PROT_READ) = 0
munmap(0x7f9067630000, 161072) = 0
rt_sigaction(SIGINT, {0x403f40, [INT], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x403f40, [TERM], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x403f40, [HUP], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x403f40, [PIPE], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
stat("/etc/opt/VirtualGL/vgl_xauth_key-c", 0x7fff037ae1e0) = -1 ENOENT (No such file or directory)
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3
close(3) = 0
statfs("/etc/opt/VirtualGL/vgl_xauth_key-c", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=37797427, f_bfree=22169622, f_bavail=20249622, f_files=9601024, f_ffree=9018205, f_fsid={1618940619, -282490467}, f_namelen=255, f_frsize=4096}) = 0
link("/etc/opt/VirtualGL/vgl_xauth_key-c", "/etc/opt/VirtualGL/vgl_xauth_key-l") = 0
access("/etc/opt/VirtualGL/vgl_xauth_key", F_OK) = -1 ENOENT (No such file or directory)
umask(077) = 022
brk(0) = 0x1fc1000
brk(0x1fe2000) = 0x1fe2000
open("/etc/opt/VirtualGL/vgl_xauth_key", O_RDONLY) = -1 ENOENT (No such file or directory)
access("/etc/opt/VirtualGL/vgl_xauth_key", F_OK) = -1 ENOENT (No such file or directory)
write(2, "xauth: creating new authority f"..., 69xauth: creating new authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 69
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9067657000
write(1, "Using authority file /etc/opt/Vi"..., 54Using authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 54
socket(PF_FILE, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_FILE, path=@"/tmp/.X11-unix/X0"}, 20) = 0
getpeername(3, {sa_family=AF_FILE, path=@"/tmp/.X11-unix/X0"}, [20]) = 0
uname({sys="Linux", node="mymachine.domain.org", ...}) = 0
access("/var/run/gdm/auth-for-myuser-8uJHLe/database", R_OK) = 0
open("/var/run/gdm/auth-for-myuser-8uJHLe/database", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=65, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9067656000
read(4, "1��24mymachine.domain.org��010�22MIT"..., 4096) = 65
close(4) = 0
munmap(0x7f9067656000, 4096) = 0
getsockname(3, {sa_family=AF_FILE, NULL}, [2]) = 0
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"l�v���22�20���", 12}, {"", 0}, {"MIT-MAGIC-COOKIE-1", 18}, {"��", 2}, {"534223326371626637136621307210z<Bz", 16}, {"", 0}], 6) = 48
read(3, 0x1fc75b0, 8) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "1�v���23", 8) = 8
read(3, "`350247���@337737737��1��
�37737717�� 10377����"..., 3080) = 3080
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"b�5�f���BIG-REQUESTS", 20}], 1) = 20
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "1�1�����1222����������������������", 4096) = 32
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"222�1�", 4}], 1) = 4
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "1�2�����377377?���������������������", 4096) = 32
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"7�5���@32551��10���377377377�24�6�2551��27���".. ., 44}, {NULL, 0}, {"", 0}], 3) = 44
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "1104�(���37�������237���������������"..., 4096) = 192
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"b�5� �@3", 8}, {"XKEYBOARD", 9}, {"���", 3}], 3) = 20
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "1�5�����1224w253��������������������", 4096) = 32
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"224�2�1���", 8}, {NULL, 0}, {"", 0}], 3) = 8
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "116�����1�����������������������", 4096) = 32
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"b�4�10���", 8}, {"SECURITY", 8}, {"", 0}], 3) = 16
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "1�7�����������������������������", 4096) = 32
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
write(2, "xauth: (argv):1: ", 18xauth: (argv):1: ) = 18
write(2, "couldn't query Security extensio"..., 52couldn't query Security extension on display ":0.0"
) = 52
unlink("/etc/opt/VirtualGL/vgl_xauth_key-c") = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-l") = 0
umask(022) = 077
exit_group(1) = ?
[root@mymachine ~]# semodule -B
And normally this is what vglgenkey would do, it is a script that calls xauth, this is the
script with -x and strace of the second xauth.
[root@mymachine myuser]# vglgenkey
+ XAUTH=xauth
+ '[' -x /usr/X11R6/bin/xauth ']'
+ '[' -x /usr/openwin/bin/xauth ']'
+ '[' '!' -d /etc/opt/VirtualGL ']'
+ '[' -f /etc/opt/VirtualGL/vgl_xauth_key ']'
+ rm /etc/opt/VirtualGL/vgl_xauth_key
+ xauth -f /etc/opt/VirtualGL/vgl_xauth_key generate :0.0 . trusted timeout 0
xauth: creating new authority file /etc/opt/VirtualGL/vgl_xauth_key
xauth: (argv):1: couldn't query Security extension on display ":0.0"
++ xauth list
++ awk '{print $3}'
+ strace xauth -f /etc/opt/VirtualGL/vgl_xauth_key add :0.0 . 05e29bb3370eb6f9f611c7887a3c427a
execve("/usr/bin/xauth", ["xauth", "-f", "/etc/opt/VirtualGL/vgl_xauth_key", "add", ":0.0", ".", "05e29bb3370eb6f9f611c7887a3c427a"], [/* 32 vars */]) = 0
brk(0) = 0xbd5000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4e21000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=161072, ...}) = 0
mmap(NULL, 161072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f30a4df9000
close(3) = 0
open("/usr/lib64/libXau.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���320
`3747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=13168, ...}) = 0
mmap(0x37fc600000, 2106112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc600000
mprotect(0x37fc602000, 2097152, PROT_NONE) = 0
mmap(0x37fc802000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fc802000
close(3) = 0
open("/usr/lib64/libXext.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���20052403747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76848, ...}) = 0
mmap(0x37fca00000, 2170120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fca00000
mprotect(0x37fca11000, 2097152, PROT_NONE) = 0
mmap(0x37fcc11000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x37fcc11000
close(3) = 0
open("/usr/lib64/libXmuu.so.1", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���36022 3727���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=16400, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df8000
mmap(0x37fa200000, 2109200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fa200000
mprotect(0x37fa203000, 2093056, PROT_NONE) = 0
mmap(0x37fa402000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa402000
close(3) = 0
open("/usr/lib64/libX11.so.6", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���2003353413737���".. ., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1308600, ...}) = 0
mmap(0x37fbe00000, 3403160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fbe00000
mprotect(0x37fbf39000, 2097152, PROT_NONE) = 0
mmap(0x37fc139000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139000) = 0x37fc139000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "177ELF2113��������3�>�1���360355a3717���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1908792, ...}) = 0
mmap(0x37f9600000, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9600000
mprotect(0x37f9786000, 2097152, PROT_NONE) = 0
mmap(0x37f9986000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x37f9986000
mmap(0x37f998b000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37f998b000
close(3) = 0
open("/usr/lib64/libxcb.so.1", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���P206 3747���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112760, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df7000
mmap(0x37fc200000, 2205608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc200000
mprotect(0x37fc21b000, 2093056, PROT_NONE) = 0
mmap(0x37fc41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x37fc41a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "177ELF211���������3�>�1���340
3403717���"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x37f9e00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9e00000
mprotect(0x37f9e02000, 2097152, PROT_NONE) = 0
mmap(0x37fa002000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa002000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df6000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df5000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df4000
arch_prctl(ARCH_SET_FS, 0x7f30a4df5700) = 0
mprotect(0x37f9986000, 16384, PROT_READ) = 0
mprotect(0x37fa002000, 4096, PROT_READ) = 0
mprotect(0x37f941f000, 4096, PROT_READ) = 0
munmap(0x7f30a4df9000, 161072) = 0
rt_sigaction(SIGINT, {0x403f40, [INT], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x403f40, [TERM], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x403f40, [HUP], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x403f40, [PIPE], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
stat("/etc/opt/VirtualGL/vgl_xauth_key-c", 0x7fffc2278980) = -1 ENOENT (No such file or directory)
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3
close(3) = 0
statfs("/etc/opt/VirtualGL/vgl_xauth_key-c", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=37797427, f_bfree=22169618, f_bavail=20249618, f_files=9601024, f_ffree=9018201, f_fsid={1618940619, -282490467}, f_namelen=255, f_frsize=4096}) = 0
link("/etc/opt/VirtualGL/vgl_xauth_key-c", "/etc/opt/VirtualGL/vgl_xauth_key-l") = 0
access("/etc/opt/VirtualGL/vgl_xauth_key", F_OK) = -1 ENOENT (No such file or directory)
umask(077) = 022
brk(0) = 0xbd5000
brk(0xbf6000) = 0xbf6000
open("/etc/opt/VirtualGL/vgl_xauth_key", O_RDONLY) = -1 ENOENT (No such file or directory)
access("/etc/opt/VirtualGL/vgl_xauth_key", F_OK) = -1 ENOENT (No such file or directory)
write(2, "xauth: creating new authority f"..., 69xauth: creating new authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 69
uname({sys="Linux", node="mymachine.domain.org", ...}) = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-n") = -1 ENOENT (No such file or directory)
open("/etc/opt/VirtualGL/vgl_xauth_key-n", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3
fcntl(3, F_GETFL) = 0x8001 (flags O_WRONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4e20000
lseek(3, 0, SEEK_CUR) = 0
write(3, "1��24mymachine.domain.org��010�22MIT"..., 65) = 65
close(3) = 0
munmap(0x7f30a4e20000, 4096) = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key") = -1 ENOENT (No such file or directory)
link("/etc/opt/VirtualGL/vgl_xauth_key-n", "/etc/opt/VirtualGL/vgl_xauth_key") = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-n") = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-c") = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-l") = 0
umask(022) = 077
exit_group(0) = ?
+ chmod 644 /etc/opt/VirtualGL/vgl_xauth_key
[root@mymachine myuser]# ls -Z /etc/opt/VirtualGL/vgl_xauth_key
-rw-r--r--. root root unconfined_u
bject_r:etc_t:s0 /etc/opt/VirtualGL/vgl_xauth_key
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
VirtualGL/TurboVNC and selinux
