On 03/13/18 06:13, ToddAndMargo wrote: >> >> /usr/bin/sealert -b >> Is quiet If I put the AVC's you mention in the original post in a file.... type=AVC msg=audit(1520843479.104:515): avc: denied { create } for pid=7554 comm="lightdm" name=".xsession-errors" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_share_t:s0 tclass=file permissive=1 type=AVC msg=audit(1520843479.104:516): avc: denied { write open } for pid=7554 comm="lightdm" path="/home/tony/.xsession-errors" dev="dm-1" ino=54526689 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_share_t:s0 tclass=file permissive=1 And run sealert against them I get.... [egreshko@meimei ~]$ sealert -a err 100% done found 2 alerts in err -------------------------------------------------------------------------------- SELinux is preventing lightdm from create access on the file .xsession-errors. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that lightdm should be allowed create access on the .xsession-errors file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'lightdm' --raw | audit2allow -M my-lightdm # semodule -X 300 -i my-lightdm.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:samba_share_t:s0 Target Objects .xsession-errors [ file ] Source lightdm Source Path lightdm Port <Unknown> Host <Unknown> Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.26.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name meimei.greshko.com Platform Linux meimei.greshko.com 4.15.7-300.fc27.x86_64 #1 SMP Wed Feb 28 17:53:39 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-03-12 16:31:19 CST Last Seen 2018-03-12 16:31:19 CST Local ID 4b15d210-1cff-461f-8c2a-8469d09752d2 Raw Audit Messages type=AVC msg=audit(1520843479.104:515): avc: denied { create } for pid=7554 comm="lightdm" name=".xsession-errors" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_share_t:s0 tclass=file permissive=1 Hash: lightdm,xdm_t,samba_share_t,file,create -------------------------------------------------------------------------------- SELinux is preventing lightdm from 'write, open' accesses on the file /home/tony/.xsession-errors. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /home/tony/.xsession-errors default label should be xdm_home_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /home/tony/.xsession-errors ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that lightdm should be allowed write open access on the .xsession-errors file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'lightdm' --raw | audit2allow -M my-lightdm # semodule -X 300 -i my-lightdm.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:samba_share_t:s0 Target Objects /home/tony/.xsession-errors [ file ] Source lightdm Source Path lightdm Port <Unknown> Host <Unknown> Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.26.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name meimei.greshko.com Platform Linux meimei.greshko.com 4.15.7-300.fc27.x86_64 #1 SMP Wed Feb 28 17:53:39 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-03-12 16:31:19 CST Last Seen 2018-03-12 16:31:19 CST Local ID 82cda10c-f801-4a67-b762-54b27ad752cb Raw Audit Messages type=AVC msg=audit(1520843479.104:516): avc: denied { write open } for pid=7554 comm="lightdm" path="/home/tony/.xsession-errors" dev="dm-1" ino=54526689 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_share_t:s0 tclass=file permissive=1 Hash: lightdm,xdm_t,samba_share_t,file,write,open -- Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx