-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Valent Turkovic wrote: > On Sat, Mar 22, 2008 at 12:20 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> Valent Turkovic wrote: >> > Hi. >> > >> > I'm seeing lots of these alerts in rawhide. >> > Is this "normal" or is it a gnome or selinux issue or is my system problematic? >> > >> > Valent. >> > >> > >> > >> > ------------------------------------------------------------------------ >> > >> > -- >> > fedora-selinux-list mailing list >> > fedora-selinux-list@xxxxxxxxxx >> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list >> Well you are logging in as root via XWindows which is not a good idea >> and we do not plan to fix the policy for this. Since it is such a bad >> idea, and would break any security we have tried to add to SELinux to >> eliminate the AVC. You also setup the user to login via user_t? >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.8 (GNU/Linux) >> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org >> >> iEYEARECAAYFAkfkQtAACgkQrlYvE4MpobMhRACeJ9srkML85WxzUU6DVBtEPMS9 >> Uw0AoLqLWJUxIzTk79o7Tn4ybDSKRsE8 >> =z7RQ >> -----END PGP SIGNATURE----- >> > > > I'm not logging in as root to gnome. > > Valent > . > Well the AVC says host=valent.lan type=AVC msg=audit(1206099072.482:443): avc: denied { rename } for pid=13738 comm="gconfd-2" name="saved_state.tmp" dev=sda9 ino=865370 scontext=user_u:user_r:user_t:s0 tcontext=user_u:object_r:admin_home_t:s0 tclass=file host=valent.lan type=SYSCALL msg=audit(1206099072.482:443): arch=40000003 syscall=38 success=yes exit=0 a0=9f59b20 a1=9f57118 a2=0 a3=5 items=0 ppid=1 pid=13738 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=user_u:user_r:user_t:s0 key=(null) admin_home_t is the label of /root So either you have a labeling problem or you have gconfd-2 trying to relabel saved_state.tmp which is labeled the root directory label admin_home_t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfk6gAACgkQrlYvE4MpobMAXwCg2YpVaswVCQVI7kSuOUk+CgDN JWMAoIHx0BNqxOdbUKGsA1ruGBTlYvin =F+6B -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
