On Sat, Mar 22, 2008 at 1:55 PM, Valent Turkovic <valent.turkovic@xxxxxxxxx> wrote: > > On Sat, Mar 22, 2008 at 12:14 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Valent Turkovic wrote: > > > On Sat, Mar 22, 2008 at 12:20 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- > > >> Hash: SHA1 > > >> > > >> > > >> Valent Turkovic wrote: > > >> > Hi. > > >> > > > >> > I'm seeing lots of these alerts in rawhide. > > >> > Is this "normal" or is it a gnome or selinux issue or is my system problematic? > > >> > > > >> > Valent. > > >> > > > >> > > > >> > > > >> > ------------------------------------------------------------------------ > > >> > > > >> > -- > > >> > fedora-selinux-list mailing list > > >> > fedora-selinux-list@xxxxxxxxxx > > >> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > >> Well you are logging in as root via XWindows which is not a good idea > > >> and we do not plan to fix the policy for this. Since it is such a bad > > >> idea, and would break any security we have tried to add to SELinux to > > >> eliminate the AVC. You also setup the user to login via user_t? > > >> -----BEGIN PGP SIGNATURE----- > > >> Version: GnuPG v1.4.8 (GNU/Linux) > > >> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > >> > > >> iEYEARECAAYFAkfkQtAACgkQrlYvE4MpobMhRACeJ9srkML85WxzUU6DVBtEPMS9 > > >> Uw0AoLqLWJUxIzTk79o7Tn4ybDSKRsE8 > > >> =z7RQ > > >> -----END PGP SIGNATURE----- > > >> > > > > > > > > > I'm not logging in as root to gnome. > > > > > > Valent > > > . > > > > > Well the AVC says > > > > host=valent.lan type=AVC msg=audit(1206099072.482:443): avc: denied { > > rename } for pid=13738 comm="gconfd-2" name="saved_state.tmp" dev=sda9 > > ino=865370 scontext=user_u:user_r:user_t:s0 > > tcontext=user_u:object_r:admin_home_t:s0 tclass=file > > > > host=valent.lan type=SYSCALL msg=audit(1206099072.482:443): > > arch=40000003 syscall=38 success=yes exit=0 a0=9f59b20 a1=9f57118 a2=0 > > a3=5 items=0 ppid=1 pid=13738 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 > > egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="gconfd-2" > > exe="/usr/libexec/gconfd-2" subj=user_u:user_r:user_t:s0 key=(null) > > > > > > admin_home_t is the label of /root > > > > So either you have a labeling problem or you have gconfd-2 trying to > > relabel saved_state.tmp which is labeled the root directory label > > admin_home_t > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.8 (GNU/Linux) > > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > > > iEYEARECAAYFAkfk6gAACgkQrlYvE4MpobMAXwCg2YpVaswVCQVI7kSuOUk+CgDN > > JWMAoIHx0BNqxOdbUKGsA1ruGBTlYvin > > =F+6B > > -----END PGP SIGNATURE----- > > > > > I relabeled my system 2 times in last few days and I'm not running as > gmome as root. I don't know why I'm seeing this alert and that is why > I'm sending you this email. > > > > Valent. > > -- > http://kernelreloaded.blog385.com/ > linux, blog, anime, spirituality, windsurf, wireless > registered as user #367004 with the Linux Counter, http://counter.li.org. > ICQ: 2125241, Skype: valent.turkovic > I'm seeing it in F8 and also in F9 Beta . -- http://kernelreloaded.blog385.com/ linux, blog, anime, spirituality, windsurf, wireless registered as user #367004 with the Linux Counter, http://counter.li.org. ICQ: 2125241, Skype: valent.turkovic -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
