Re: ./xauth?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2008-07-11 at 15:43 +0000, Carl D. Roth wrote:
> On Fri, 11 Jul 2008 08:14:21 -0700, Dan Thurman wrote:
> 
> > I am not sure what this is, and /.xauth does not exist, but here is the
> > log:
> > ================================
> > Summary:
> > 
> > SELinux is preventing su (initrc_su_t) "execute" to ./xauth
> > (xauth_exec_t).
> > 
> > Detailed Description:
> > 
> 
> I had that happen on one of my systems too.  It was starting a service in 
> init.d that changed userid's via 'su'.  Since it was a headless 
> application (i.e. daemon) I chose to ignore the errors as follows:
> 
>   gen_require(`
>     type initrc_su_t;
>     type sshd_t;
>     type xauth_exec_t;
>   ')
> 
>   dontaudit initrc_su_t sshd_t:key { search };
>   dontaudit initrc_su_t xauth_exec_t:file { execute };
> 
> As you can see, the 'su' session also tried to grovel around for SSH keys.

If there is a service which runs su in init scripts it should be
reported as bug on the package which owns the service. 'runuser' should
be used instead of 'su' in init scripts.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux