Hi!
My friend noticed that with SELinux in enforcing mode ~/.Trash is full
of files but he cannot remove them -- clicking on the trash icon placed
on the desktop shows an empty directory.
I reproduced this bug on my machine (FC5,
selinux-policy-targeted-2.2.25-2.fc5, Gnome 2.14) and found this avc
message:
Mar 30 19:19:47 X kernel: audit(1143739187.507:65): avc: denied {
getattr } for pid=1810 comm="hald" name="/" dev=hda6 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Using audit2allow I created the kosz.pp module and this resolved the problem
(you need to reboot or restart the haldaemon service). Here's the content of
the te file:
[root@X ~]# cat kosz.te
module kosz 1.0;

require {
        role object_r;
        role system_r;
        class dir getattr;
        type hald_t;
        type home_root_t;
};

allow hald_t home_root_t:dir getattr;
[root@X ~]#
Maybe default policy should be fixed?
Thanks,
Dawid
--
^_*
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
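
The following is an added example, not part of the original message and not audit2allow's own code: a small Python sketch of how the fields of the AVC denial quoted above map onto the allow rule in kosz.te, which makes it easier to review exactly what a generated module grants before loading it. The names parse_avc and build_module are hypothetical, and the sample log is the denial from the message joined onto one line.

```python
import re
from collections import defaultdict

# AVC denial copied from the message above, joined onto one line.
SAMPLE_LOG = (
    'Mar 30 19:19:47 X kernel: audit(1143739187.507:65): avc: denied { getattr } '
    'for pid=1810 comm="hald" name="/" dev=hda6 ino=2 '
    'scontext=system_u:system_r:hald_t:s0 '
    'tcontext=system_u:object_r:home_root_t:s0 tclass=dir\n'
)
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # values may be quoted: comm="hald"


def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if the line
    is not a complete denial. A context is user:role:type[:mls-range]."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    try:
        stype = fields['scontext'].split(':')[2]
        ttype = fields['tcontext'].split(':')[2]
        return stype, ttype, fields['tclass'], set(m.group(1).split())
    except (KeyError, IndexError):
        return None  # truncated or malformed record


def build_module(name, log_text, version='1.0'):
    """Merge every denial in log_text into one policy module source (.te)."""
    rules = defaultdict(set)  # (source, target, class) -> permissions
    for line in log_text.splitlines():
        parsed = parse_avc(line)
        if parsed:
            rules[parsed[:3]].update(parsed[3])
    types = sorted({x for s, t, _ in rules for x in (s, t)})
    classes = defaultdict(set)
    for (_, _, c), perms in rules.items():
        classes[c].update(perms)
    out = [f'module {name} {version};', '', 'require {']
    out += [f'    type {t};' for t in types]
    out += [f'    class {c} {{ {" ".join(sorted(p))} }};' for c, p in sorted(classes.items())]
    out += ['}', '']
    for (s, t, c), perms in sorted(rules.items()):
        out.append(f'allow {s} {t}:{c} {{ {" ".join(sorted(perms))} }};')
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    print(build_module('kosz', SAMPLE_LOG))
```

Denials for the same source type, target type and class are merged into a single rule, so the output lists each granted permission set once.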