FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 06-19-2008, 09:01 PM
William Case
 
Default SEtroubleshooting (./.xsession-errors) ??

Hi;

ERROR message in SEtroubleshooting.

SELinux is preventing the pam_timestamp_c from using potentially
mislabeled files (/root/.xsession-errors).

[SELinux is in permissive mode, the operation would have been
denied but was permitted due to permissive mode.]SELinux has
denied pam_timestamp_c access to potentially mislabeled file(s)
(/root/.xsession-errors). This means that SELinux will not allow
pam_timestamp_c to use these files. It is common for users to
edit files in their home directory or tmp directories and then
move (mv) them to system directories. The problem is that the
files end up with the wrong file context which confined
applications are not allowed to access.

My Fedora 9 was recently fresh installed which would have included a
new .xsession-errors. Contrary to the error message, I have not
changed, moved or besmirched root's .xsession-errors filein any way I
know of.

I am willing to follow SELinux's suggestion "If you want pam_timestamp_c
to access this files, you need to relabel them using restorecon -v
'/root/.xsession-errors'. You might want to relabel the entire directory
using restorecon -R -v '/root'. " If I can confirm I am not dealing with
a bug.

Is this a F9 bug?
--
Regards Bill;
Fedora 9, Gnome 2.22.2
Evo.2.22.2, Emacs 22.2.1

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 06-19-2008, 09:15 PM
Todd Zullinger
 
Default SEtroubleshooting (./.xsession-errors) ??

William Case wrote:
> ERROR message in SEtroubleshooting.
>
> SELinux is preventing the pam_timestamp_c from using potentially
> mislabeled files (/root/.xsession-errors).
>
> [SELinux is in permissive mode, the operation would have been
> denied but was permitted due to permissive mode.]SELinux has
> denied pam_timestamp_c access to potentially mislabeled file(s)
> (/root/.xsession-errors). This means that SELinux will not allow
> pam_timestamp_c to use these files. It is common for users to
> edit files in their home directory or tmp directories and then
> move (mv) them to system directories. The problem is that the
> files end up with the wrong file context which confined
> applications are not allowed to access.
>
> My Fedora 9 was recently fresh installed which would have included a
> new .xsession-errors. Contrary to the error message, I have not
> changed, moved or besmirched root's .xsession-errors filein any way I
> know of.
>
> I am willing to follow SELinux's suggestion "If you want pam_timestamp_c
> to access this files, you need to relabel them using restorecon -v
> '/root/.xsession-errors'. You might want to relabel the entire directory
> using restorecon -R -v '/root'. " If I can confirm I am not dealing with
> a bug.
>
> Is this a F9 bug?

Am I correct in assuming that /root/.xsession-errors means you are
logging into X as root? If so, forget about making any adjustments to
SELinux, as it would be pointless. Logging in to X as root is not
something you could hope to have SELinux protect you from anyway. You
should either a) stop logging into X as root or b) disable or ignore
SELinux. I strongly suggest the former.

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
Common sense is genius dressed in its working clothes.
-- Ralph Waldo Emerson

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 06-19-2008, 09:24 PM
William Case
 
Default SEtroubleshooting (./.xsession-errors) ??

On Thu, 2008-06-19 at 17:15 -0400, Todd Zullinger wrote:
> William Case wrote:
> > ERROR message in SEtroubleshooting.
> >
> > SELinux is preventing the pam_timestamp_c from using potentially
> > mislabeled files (/root/.xsession-errors).
> >
> > [SELinux is in permissive mode, the operation would have been
> > denied but was permitted due to permissive mode.]SELinux has
> > denied pam_timestamp_c access to potentially mislabeled file(s)
> > (/root/.xsession-errors). This means that SELinux will not allow
> > pam_timestamp_c to use these files. It is common for users to
> > edit files in their home directory or tmp directories and then
> > move (mv) them to system directories. The problem is that the
> > files end up with the wrong file context which confined
> > applications are not allowed to access.
> >
> > My Fedora 9 was recently fresh installed which would have included a
> > new .xsession-errors. Contrary to the error message, I have not
> > changed, moved or besmirched root's .xsession-errors filein any way I
> > know of.
> >
> > I am willing to follow SELinux's suggestion "If you want pam_timestamp_c
> > to access this files, you need to relabel them using restorecon -v
> > '/root/.xsession-errors'. You might want to relabel the entire directory
> > using restorecon -R -v '/root'. " If I can confirm I am not dealing with
> > a bug.
> >
> > Is this a F9 bug?
>
> Am I correct in assuming that /root/.xsession-errors means you are
> logging into X as root? If so, forget about making any adjustments to
> SELinux, as it would be pointless. Logging in to X as root is not
> something you could hope to have SELinux protect you from anyway. You
> should either a) stop logging into X as root or b) disable or ignore
> SELinux. I strongly suggest the former.
>
As far as I remember, and I have had Fedora 9 only installed for five
days so not hard to remember, I have only used sudo and su - to preform
normal root procedures.


> --
> fedora-list mailing list
> fedora-list@redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
Regards Bill;
Fedora 9, Gnome 2.22.2
Evo.2.22.2, Emacs 22.2.1

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 06-19-2008, 09:34 PM
Todd Zullinger
 
Default SEtroubleshooting (./.xsession-errors) ??

William Case wrote:
> As far as I remember, and I have had Fedora 9 only installed for
> five days so not hard to remember, I have only used sudo and su - to
> preform normal root procedures.

Then I don't see how or why you would have a /root/.xsession-errors
file at all. Seeing as that file is only a log of output from
programs run duing your X session, your easiest solution would seem to
be deleting that file (after checking that it doesn't contain any
information you care about, which seems unlikely).

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
I do nothing, granted. But I see the hours pass - which is better than
trying to fill them.
-- E. M. Cioran

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 06-19-2008, 09:45 PM
William Case
 
Default SEtroubleshooting (./.xsession-errors) ??

OK Todd

On Thu, 2008-06-19 at 17:34 -0400, Todd Zullinger wrote:
> William Case wrote:
> > As far as I remember, and I have had Fedora 9 only installed for
> > five days so not hard to remember, I have only used sudo and su - to
> > preform normal root procedures.
>
> Then I don't see how or why you would have a /root/.xsession-errors
> file at all. Seeing as that file is only a log of output from
> programs run duing your X session, your easiest solution would seem to
> be deleting that file (after checking that it doesn't contain any
> information you care about, which seems unlikely).
>
I will check to see if it contains anything interesting and if not
delete it and see what happens.


--
Regards Bill;
Fedora 9, Gnome 2.22.2
Evo.2.22.2, Emacs 22.2.1

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 11:52 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org