Re: gdm + selinux problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dr. Michael J. Chudobiak wrote:
> Hi all,
> 
> After an F7 -> F8 upgrade, I can't start the xorg server in enforcing
> mode. Logs say things like:
> 
> type=AVC msg=audit(1195824979.681:23): avc:  denied  { getattr } for
> pid=2585 comm="gdm-binary" path="/tmp/.X11-unix" dev=dm-0 ino=8871462
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=dir
> type=SYSCALL msg=audit(1195824979.681:23): arch=40000003 syscall=196
> success=yes exit=0 a0=8090daf a1=bfb4d320 a2=c2bff4 a3=3 items=0 ppid=1
> pid=2585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) comm="gdm-binary" exe="/usr/sbin/gdm-binary"
> subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
> 
> 
> audit2allow says:
> 
> #============= cupsd_t ==============
> allow cupsd_t nscd_t:nscd shmemserv;
> 
> #============= iptables_t ==============
> allow iptables_t nscd_t:nscd shmemserv;
> 
> #============= nfsd_t ==============
> allow nfsd_t nscd_t:nscd { shmemserv getserv };
> 
> #============= ntpd_t ==============
> allow ntpd_t nscd_t:nscd shmemserv;
> 
> #============= sendmail_t ==============
> allow sendmail_t fail2ban_log_t:file append;
> allow sendmail_t initrc_t:unix_stream_socket { read write };
> allow sendmail_t nscd_t:nscd shmemserv;
> 
> #============= system_mail_t ==============
> allow system_mail_t nscd_t:nscd shmemserv;
> 
> #============= xdm_t ==============
> allow xdm_t initrc_tmp_t:dir { getattr setattr };
> 
> #============= xdm_xserver_t ==============
> allow xdm_xserver_t initrc_tmp_t:dir { write getattr search add_name };
> allow xdm_xserver_t initrc_tmp_t:sock_file create;
> 
> 
> 
> Now... how would this have happened? Should I just run the above
> commands to fix everything, or is there a deeper bug / issue?
> 
> Help appreciated!
> 
> 
> - Mike
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Looks like you might have some labeliing problems, but first update to
the latest version of selinux-policy

yum -y upgrade selinux-policy


And see if most of these have been fixed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHVCMCrlYvE4MpobMRAtS6AJ9KrOK3dc8t8bLJCcUUK0SBvxgWXACfVuy2
JNYcjIBN4MzTprQVdKwaiZo=
=o1QY
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux