I'm down to one AVC left booting to a desktop in OpenSUSE 11.3 milestone 6.
type=AVC msg=audit(127369094.093:8): avc: denied { relabelfrom } for pid=3089 comm="restorecond" name=".xsession-errors" dev=sda3 ino=127759 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
It looks to me like somewhere late in the boot, a windowing error occurs and it attempts to log it to .xsession-errors. For some reason at that point in time it attempts to relabel that file and is denied.
The file context on .xsession-errors in the unprivileged user's home directory is user_u:object_r:user_home_t:s0
However, when I run audit2allow on that avc, it says "This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work."
Should I relabel .xsession-errors? If so, to what?
