FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 11-19-2007, 07:22 PM
Daniel J Walsh
 
Default SELinux is preventing the ck-get-x11-serv from using potentially mislabeled files ().

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> Just as I sent out the other mail about the selinux denying X I have gotten this one, what should I do? Advice/comments/suggestions are welcome.
>
> Regards,
>
> Antonio
>
> Summary
> SELinux is preventing the ck-get-x11-serv from using potentially mislabeled
> files (<Unknown>).
>
> Detailed Description
> SELinux has denied ck-get-x11-serv access to potentially mislabeled file(s)
> (<Unknown>). This means that SELinux will not allow ck-get-x11-serv to use
> these files. It is common for users to edit files in their home directory
> or tmp directories and then move (mv) them to system directories. The
> problem is that the files end up with the wrong file context which confined
> applications are not allowed to access.
>
> Allowing Access
> If you want ck-get-x11-serv to access this files, you need to relabel them
> using restorecon -v <Unknown>. You might want to relabel the entire
> directory using restorecon -R -v <Unknown>.
>
> Additional Information
>
> Source Context system_u:system_r:consolekit_t
> Target Context system_ubject_r:user_home_t
> Target Objects None [ file ]
> Affected RPM Packages
> Policy RPM selinux-policy-3.0.8-44.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.home_tmp_bad_labels
> Host Name localhost
> Platform Linux localhost 2.6.24-0.38.rc2.git6.fc9 #1 SMP
> Fri Nov 16 17:20:39 EST 2007 i686 athlon
> Alert Count 5
> First Seen Sun 11 Nov 2007 09:40:02 AM CST
> Last Seen Mon 19 Nov 2007 07:25:44 AM CST
> Local ID fa84efec-ad7f-46d6-a356-d16d9235b774
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { read } for comm=ck-get-x11-serv dev=dm-0 name=.Xauthority pid=2874
> scontext=system_u:system_r:consolekit_t:s0 tclass=file
> tcontext=system_ubject_r:user_home_t:s0
>
>
>
>
>
>
> __________________________________________________ __________________________________
> Get easy, one-click access to your favorites.
> Make Yahoo! your homepage.
> http://www.yahoo.com/r/hs
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

This is strange, we worked to change startx to prvent this situation. I
will update policy to dontaudit this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHQfCZrlYvE4MpobMRAt2hAJ925CgGfugXwWMIElpz+E ue+h/SowCgwNbj
yikbgqVuAIsMDCHBhiyM6Fw=
=eikC
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 04:24 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org