SELinux is preventing gdm (xdm_t) "execute" to <Unknown> (rpm_exec_t). et ALL

Antonio Olivares <olivares14031@xxxxxxxxx> · Mon, 26 Nov 2007 17:21:34 -0800 (PST)

Dear all,

I have been applying the updates and still
settroubleshoot pops up and gives the messages: 

Summary
    SELinux is preventing gdm (xdm_t) "execute" to
<Unknown> (rpm_exec_t).

Detailed Description
    SELinux denied access requested by gdm. It is not
expected that this access
    is required by gdm and this access may signal an
intrusion attempt. It is
    also possible that the specific version or
configuration of the application
    is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux
denials.  You could try to
    restore the default system file context for
<Unknown>, restorecon -v
    <Unknown> If this does not work, there is
currently no automatic way to
    allow this access. Instead,  you can generate a
local policy module to allow
    this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether.
Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.

Additional Information        

Source Context               
system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context               
system_u:object_r:rpm_exec_t
Target Objects                None [ file ]
Affected RPM Packages         
Policy RPM                   
selinux-policy-3.0.8-44.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost
Platform                      Linux localhost
2.6.24-0.42.rc3.git1.fc9 #1 SMP
                              Sat Nov 24 05:51:18 EST
2007 i686 athlon
Alert Count                   9010
First Seen                    Sun 11 Nov 2007 09:11:06
AM CST
Last Seen                     Mon 26 Nov 2007 07:17:44
PM CST
Local ID                     
f3168196-46ac-4951-ab61-b3b218534bb2
Line Numbers                  

Raw Audit Messages            

avc: denied { execute } for comm=gdm dev=dm-0 name=rpm
pid=22631
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tclass=file
tcontext=system_u:object_r:rpm_exec_t:s0

Summary
    SELinux is preventing gdm (xdm_t) "getattr" to
/bin/rpm (rpm_exec_t).

Detailed Description
    SELinux denied access requested by gdm. It is not
expected that this access
    is required by gdm and this access may signal an
intrusion attempt. It is
    also possible that the specific version or
configuration of the application
    is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux
denials.  You could try to
    restore the default system file context for
/bin/rpm, restorecon -v /bin/rpm
    If this does not work, there is currently no
automatic way to allow this
    access. Instead,  you can generate a local policy
module to allow this
    access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you
    can disable SELinux protection altogether.
Disabling SELinux protection is
    not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.

Additional Information        

Source Context               
system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context               
system_u:object_r:rpm_exec_t
Target Objects                /bin/rpm [ file ]
Affected RPM Packages         rpm-4.4.2.2-11.fc9
[target]
Policy RPM                   
selinux-policy-3.0.8-44.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost
Platform                      Linux localhost
2.6.24-0.42.rc3.git1.fc9 #1 SMP
                              Sat Nov 24 05:51:18 EST
2007 i686 athlon
Alert Count                   4515
First Seen                    Sun 11 Nov 2007 09:11:06
AM CST
Last Seen                     Mon 26 Nov 2007 10:38:27
AM CST
Local ID                     
e1676a84-c6d0-45b8-97d7-c7cae2d755c1
Line Numbers                  

Raw Audit Messages            

avc: denied { getattr } for comm=gdm dev=dm-0
path=/bin/rpm pid=3871
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tclass=file
tcontext=system_u:object_r:rpm_exec_t:s0

I have done what it recommends for me to do, however,
the warnings continue.  

[root@localhost ~]# restorecon -v 
/etc/selinux/targeted/contexts/files/file_contexts:
Multiple same specifications for /usr/bin/sbcl.
[root@localhost ~]# restorecon -v 
/etc/selinux/targeted/contexts/files/file_contexts:
Multiple same specifications for /usr/bin/sbcl.
[root@localhost ~]# restorecon -v /bin/rpm
/etc/selinux/targeted/contexts/files/file_contexts:
Multiple same specifications for /usr/bin/sbcl.
[root@localhost ~]# restorecon -v /bin/rpm
/etc/selinux/targeted/contexts/files/file_contexts:
Multiple same specifications for /usr/bin/sbcl.
[root@localhost ~]# 

[root@localhost ~]# yum list updates
Loading "skip-broken" plugin
Loading "refresh-updatesd" plugin
development               100%
|=========================| 2.1 kB    00:00     
texlive                   100%
|=========================|  951 B    00:00     
[root@localhost ~]# 

does not list any for selinux, selinux-policy's etc.  

What should I do?

Regards,

Antonio 

      ____________________________________________________________________________________
Be a better sports nut!  Let your teams follow you 
with Yahoo Mobile. Try it now.  http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list