-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rahul Sundaram wrote: > Hi, > > I have the copied the copy of g-p-m related denials below: > > --- > > > Summary: > > SELinux is preventing gnome-power-man (xdm_t) "create" to > 10357b34dbb443572a67020848c54ed9:runtime (xdm_var_lib_t). > > Detailed Description: > > SELinux denied access requested by gnome-power-man. It is not expected > that this > access is required by gnome-power-man and this access may signal an > intrusion > attempt. It is also possible that the specific version or configuration > of the > application is causing it to require additional access. > > Allowing Access: > > Sometimes labeling problems can cause SELinux denials. You could try to > restore > the default system file context for > 10357b34dbb443572a67020848c54ed9:runtime, > > restorecon -v '10357b34dbb443572a67020848c54ed9:runtime' > > If this does not work, there is currently no automatic way to allow this > access. > Instead, you can generate a local policy module to allow this access - > see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 > Target Context system_u:object_r:xdm_var_lib_t:s0 > Target Objects 10357b34dbb443572a67020848c54ed9:runtime [ > lnk_file ] > Source gnome-power-man > Source Path /usr/bin/gnome-power-manager > Port <Unknown> > Host sundaram.pnq.redhat.com > Source RPM Packages gnome-power-manager-2.24.1-3.fc10 > Target RPM Packages > Policy RPM selinux-policy-3.5.13-11.fc10 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall_file > Host Name sundaram.pnq.redhat.com > Platform Linux sundaram.pnq.redhat.com > 2.6.27.4-68.fc10.i686 #1 SMP Thu Oct 30 > 00:49:42 > EDT 2008 i686 i686 > Alert Count 1 > First Seen Wed 05 Nov 2008 10:17:25 PM IST > Last Seen Wed 05 Nov 2008 10:17:25 PM IST > Local ID 5bed64ed-4506-4f5e-aea2-22bef1bd3d82 > Line Numbers > > Raw Audit Messages > > node=sundaram.pnq.redhat.com type=AVC msg=audit(1225903645.809:25): avc: > denied { create } for pid=8176 comm="gnome-power-man" > name="10357b34dbb443572a67020848c54ed9:runtime" > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xdm_var_lib_t:s0 tclass=lnk_file > > node=sundaram.pnq.redhat.com type=SYSCALL msg=audit(1225903645.809:25): > arch=40000003 syscall=83 success=no exit=-13 a0=8f31138 a1=8f31040 > a2=6d9b660 a3=8f311e0 items=0 ppid=1 pid=8176 auid=4294967295 uid=42 > gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) > ses=4294967295 comm="gnome-power-man" exe="/usr/bin/gnome-power-manager" > subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) > > --------------- > > > > Summary: > > SELinux is preventing gnome-power-man (xdm_t) "sendto" xdm_t. > > Detailed Description: > > SELinux denied access requested by gnome-power-man. It is not expected > that this > access is required by gnome-power-man and this access may signal an > intrusion > attempt. It is also possible that the specific version or configuration > of the > application is causing it to require additional access. > > Allowing Access: > > You can generate a local policy module to allow this access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 > Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 > Target Objects None [ unix_dgram_socket ] > Source gnome-power-man > Source Path /usr/bin/gnome-power-manager > Port <Unknown> > Host sundaram.pnq.redhat.com > Source RPM Packages gnome-power-manager-2.24.1-3.fc10 > Target RPM Packages > Policy RPM selinux-policy-3.5.13-11.fc10 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall > Host Name sundaram.pnq.redhat.com > Platform Linux sundaram.pnq.redhat.com > 2.6.27.4-68.fc10.i686 #1 SMP Thu Oct 30 > 00:49:42 > EDT 2008 i686 i686 > Alert Count 1 > First Seen Wed 05 Nov 2008 10:17:25 PM IST > Last Seen Wed 05 Nov 2008 10:17:25 PM IST > Local ID 288d421c-cab3-49b2-9b6b-ac5398816f4d > Line Numbers > > Raw Audit Messages > > node=sundaram.pnq.redhat.com type=AVC msg=audit(1225903645.846:26): avc: > denied { sendto } for pid=8176 comm="gnome-power-man" > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_dgram_socket > > node=sundaram.pnq.redhat.com type=SYSCALL msg=audit(1225903645.846:26): > arch=40000003 syscall=102 success=no exit=-13 a0=9 a1=b7127670 a2=a0b234 > a3=0 items=0 ppid=1 pid=8176 auid=4294967295 uid=42 gid=42 euid=42 > suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 > comm="gnome-power-man" exe="/usr/bin/gnome-power-manager" > subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) > > > --- > > Rahul > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list Fixed in selinux-policy-3.5.13-16.fc10 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkkSAUUACgkQrlYvE4MpobMOgwCg5976fVt5ro3TFjeCQa/UWe/n O+kAniXKXOUMqyujwMASpKKOgWqOnDXr =8TtY -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
