--- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Antonio Olivares wrote: > > Dear all, > > > > after updating and getting the INIT: error that I > had posted before, I can login by pressing enter and > get X, however, when starting up I am greeted by > setroubleshooter with some messages > > > > [olivares@localhost ~]$ cat /etc/fedora-release > > Fedora release 8.90 (Rawhide) > > [olivares@localhost ~]$ date > > Sun Nov 11 10:40:25 CST 2007 > > [olivares@localhost ~]$ > > > > I try to apply the fix suggested, but it does not > seem to be working :( > > > > Summary > > SELinux is preventing gdm (xdm_t) "execute" to > <Unknown> (rpm_exec_t). > > > > Detailed Description > > SELinux denied access requested by gdm. It is > not expected that this access > > is required by gdm and this access may signal > an intrusion attempt. It is > > also possible that the specific version or > configuration of the application > > is causing it to require additional access. > > > > Allowing Access > > Sometimes labeling problems can cause SELinux > denials. You could try to > > restore the default system file context for > <Unknown>, restorecon -v > > <Unknown> If this does not work, there is > currently no automatic way to > > allow this access. Instead, you can generate > a local policy module to allow > > this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > > Or you can disable SELinux protection > altogether. Disabling SELinux > > protection is not recommended. Please file a > > > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > > > > Additional Information > > > > Source Context > system_u:system_r:xdm_t:SystemLow-SystemHigh > > Target Context > system_u:object_r:rpm_exec_t > > Target Objects None [ file ] > > Affected RPM Packages > > Policy RPM > selinux-policy-3.0.8-44.fc8 > > Selinux Enabled True > > Policy Type targeted > > MLS Enabled True > > Enforcing Mode Enforcing > > Plugin Name > plugins.catchall_file > > Host Name localhost > > Platform Linux localhost > 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 > > 13:55:12 EDT 2007 > i686 athlon > > Alert Count 162 > > First Seen Sun 11 Nov 2007 > 09:11:06 AM CST > > Last Seen Sun 11 Nov 2007 > 10:36:27 AM CST > > Local ID > f3168196-46ac-4951-ab61-b3b218534bb2 > > Line Numbers > > > > Raw Audit Messages > > > > avc: denied { execute } for comm=gdm dev=dm-0 > name=rpm pid=8443 > > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tclass=file > > tcontext=system_u:object_r:rpm_exec_t:s0 > > > > > > > > > > > > Summary > > SELinux is preventing gdm (xdm_t) "getattr" to > /bin/rpm (rpm_exec_t). > > > > Detailed Description > > SELinux denied access requested by gdm. It is > not expected that this access > > is required by gdm and this access may signal > an intrusion attempt. It is > > also possible that the specific version or > configuration of the application > > is causing it to require additional access. > > > > Allowing Access > > Sometimes labeling problems can cause SELinux > denials. You could try to > > restore the default system file context for > /bin/rpm, restorecon -v /bin/rpm > > If this does not work, there is currently no > automatic way to allow this > > access. Instead, you can generate a local > policy module to allow this > > access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you > > can disable SELinux protection altogether. > Disabling SELinux protection is > > not recommended. Please file a > > > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > > > > Additional Information > > > > Source Context > system_u:system_r:xdm_t:SystemLow-SystemHigh > > Target Context > system_u:object_r:rpm_exec_t > > Target Objects /bin/rpm [ file ] > > Affected RPM Packages rpm-4.4.2.2-7.fc9 > [target] > > Policy RPM > selinux-policy-3.0.8-44.fc8 > > Selinux Enabled True > > Policy Type targeted > > MLS Enabled True > > Enforcing Mode Enforcing > > Plugin Name > plugins.catchall_file > > Host Name localhost > > Platform Linux localhost > 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 > > 13:55:12 EDT 2007 > i686 athlon > > Alert Count 180 > > First Seen Sun 11 Nov 2007 > 09:11:06 AM CST > > Last Seen Sun 11 Nov 2007 > 10:36:27 AM CST > > Local ID > e1676a84-c6d0-45b8-97d7-c7cae2d755c1 > > Line Numbers > > > > Raw Audit Messages > > > > avc: denied { getattr } for comm=gdm dev=dm-0 > egid=0 euid=0 exe=/bin/bash > > exit=-13 fsgid=0 fsuid=0 gid=0 items=0 > path=/bin/rpm pid=8443 > > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > sgid=0 > > subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=0 > tclass=file > > tcontext=system_u:object_r:rpm_exec_t:s0 > tty=(none) uid=0 > > > > > > Thanks, > > > > Antonio > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > > This looks like you are not logging in with the > correct context. IE You > are staying in the xdm_t context. > > id -Z > > Will show you what context you are logging in as. > You should be > unconfined_t. > > If this is true, I would guess you have a badly > labeled system and you > probably need to relabel > > touch /.autorelabel; reboot > > will fix the labeling. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > === message truncated === [olivares@localhost ~]$ su - Password: [root@localhost ~]# id -Z system_u:system_r:unconfined_t [root@localhost ~]# will do # touch /.autorelabel; reboot and report back if successful/failure. Regards, Antonio ____________________________________________________________________________________ Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now. http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
