Re: SPICE plugin


On 12/09/2013 06:50 PM, Dominick Grift wrote:
> On Tue, 2013-12-10 at 00:42 +0100, Dominick Grift wrote:
>> On Mon, 2013-12-09 at 17:35 -0600, Ian Pilcher wrote:
>>> Just got this when trying to use the SPICE plugin.  The alert browser 
>>> is telling me that I need to:
>> 
>>> 
>>> If you want to fix the label. 
>>> /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4 
>>> default label should be fonts_cache_t. Then you can run restorecon. Do 
>>> # /sbin/restorecon -v 
>>> /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4
>>> 
>> 
>> This is what you want to do for now. There seems to be a bug in policy 
>> since the content should have been created with type fonts_cache_t and 
>> not auth_cache_t
>> 
>> Can you reproduce this? Consider filing a bug report for this in the 
>> selinux-policy component. Enclose this setroubleshoot report
>> 
> 
> How is your /var/cache/fontconfig labeled?
> 
> ls -dZ /var/cache/fontconfig
> 
> I could not find any obvious bug on short notice. Will try again tomorrow
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
sesearch -T -t var_t | grep  auth_cache_t
   type_transition remote_login_t var_t : dir auth_cache_t;
   type_transition certwatch_t var_t : file auth_cache_t;
   type_transition certwatch_t var_t : dir auth_cache_t;
   type_transition sshd_t var_t : dir auth_cache_t;
   type_transition rshd_t var_t : dir auth_cache_t;
   type_transition xdm_t var_t : dir auth_cache_t;
   type_transition local_login_t var_t : dir auth_cache_t;
   type_transition rlogind_t var_t : dir auth_cache_t;

Looks like login programs creating content in var_t would do this transition.

Changing the following line will prevent this transition.

files_var_filetrans(login_pgm, auth_cache_t, dir, "coolkey")

Also adding

miscfiles_filetrans_named_content(login_pgm)

to make sure content gets created with the correct label.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
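
An added example, not part of the original message or of selinux-policy: a small model of how the type of a newly created object is picked from type_transition rules, showing why restricting the rule to a file name changes the label. It assumes the scenario suggested in the thread (xdm_t creating a directory named fontconfig inside a var_t directory); the "after" rules, including the fonts_cache_t one, are constructed for illustration and are not taken from the policy source.

```shell
#!/bin/sh
# Model: a name-specific type_transition wins over an unnamed one; with no
# matching rule the new object inherits the parent directory's type.

# "Before": the xdm_t rule from the sesearch output quoted in the message.
rules_before() {
    echo '   type_transition xdm_t var_t : dir auth_cache_t;'
}

# "After" (constructed, assumed): the auth_cache_t rule limited to "coolkey",
# plus a named rule of the kind miscfiles_filetrans_named_content() is
# assumed to provide for fontconfig.
rules_after() {
    echo '   type_transition xdm_t var_t : dir auth_cache_t "coolkey";'
    echo '   type_transition xdm_t var_t : dir fonts_cache_t "fontconfig";'
}

# resolve_type SOURCE PARENT_TYPE CLASS NAME   (sesearch -T style rules on stdin)
# Prints the type the new object would receive.
resolve_type() {
    awk -v src="$1" -v parent="$2" -v cls="$3" -v name="$4" '
        $1 == "type_transition" {
            line = $0
            sub(/;[ \t]*$/, "", line)   # drop the trailing semicolon
            gsub(/:/, " : ", line)      # accept "var_t : dir" and "var_t:dir"
            gsub(/"/, "", line)         # strip quotes around the file name
            n = split(line, f, " ")
            if (f[2] != src || f[3] != parent || f[5] != cls) next
            if (n == 6) unnamed = f[6]                     # applies to any name
            else if (n == 7 && f[7] == name) named = f[6]  # applies to this name only
        }
        END { print (named != "" ? named : (unnamed != "" ? unnamed : parent)) }'
}

# Compare both rule sets for the two directory names discussed.
for n in fontconfig coolkey; do
    printf '%s: before=%s after=%s\n' "$n" \
        "$(rules_before | resolve_type xdm_t var_t dir "$n")" \
        "$(rules_after | resolve_type xdm_t var_t dir "$n")"
done
```

On a real system, the output of `sesearch -T -t var_t` can be piped into `resolve_type` in place of the sample rule functions.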