Sorry for the delay. I had reinstalled that previous machine and don't
have the other rules I applied.
I repeated this on another machine, and did not run any audit2allow.
Also there are 2 problems:
1. Boot time problem with the VirtualGL which seems to generate a
avc message. (Fails if the machine is not booted in permissive or
disabled mode)
2. A problem with xauth when setenforce is enforcing.
(This works if setenforce is permissive or disabled regardless
of the boot time settings).
The machine policy is set to targeted.
Attached is the longer data with strace. The xauth does not seem
to generate any audit.log messages even with semodule -DB, but if
I turn selinux to permissive the xauth commands succeed.
To clarify:
- It works if the system is booted with /etc/selinux/config
SELINUX=permissive
or
SELINUX=disable
- It fails if the system is booted with /etc/selinux/config
SELINUX=enforcing
* Even if after the boot 'setenforce 0' is run
- My
I do get avc message, note this is running in permissive mode.
[root@amelie mdalton]# grep -i avc /var/log/audit/audit.log
type=USER_AVC msg=audit(1331199802.711:70545): user pid=4970 uid=28
auid=0 ses=3756 subj=system_u:system_r:nscd_t:s0 msg='avc: received
policyload notice (seqno=4) : exe="?" sauid=28 hostname=? addr=? terminal=?'
[root@amelie mdalton]# ls -Z /dev/dri /dev/nvidia*
ls: cannot access /dev/dri: No such file or directory
crw-rw----. root vglusers system_u:object_r:device_t:s0 /dev/nvidia0
crw-rw----. root vglusers system_u:object_r:device_t:s0 /dev/nvidiactl
Mark
On 03/21/2012 02:39 PM, Stephen Smalley wrote:
On Wed, 2012-03-21 at 09:05 -0400, Mark Dalton wrote:
Thank you for selinux. I have been trying to run it on our machines
especially any public facing and servers. We use audit2allow and
generate mods.
I did not find a 'dumb users forum'. Could you point me to a place
to find this or suggest how to fix this? I worked with our local
expert
on selinux. (I can repeat this if that helps).
Not a 'dumb users forum', but there are some more user-centric resources
like the fedora selinux list, the Fedora SELinux User Guide, etc. But
it is fine to post such questions here as well.
I was not able to get VirtualGL and selinux to work together.
It is something during boot time it seems. I have tried generating
rules based on audit/audit.log.
If you are still getting avc messages during boot, then post those
messages. If you are not getting any avc messages during boot, then run
semodule -DB to remove the dontaudit rules and try again (and then run
semodule -B afterward), and post those avc messages. Don't apply
audit2allow to the avc messages generated while dontaudit rules were
removed.
The VirtualGL web http://www.virtualgl.org/Documentation/RHEL6
states they don't know how to make it work either.
I have tried in permissive mode after boot and that did not work
either,
which is why I think it is something during boot time. Like the
device
setup. My guess is related to: /dev/dri as it sets up these and then
access to the /dev/nvidia0 and /dev/nvidiactl are restricted to
vglusers
group (in my case it can be configured with/without group
restriction).
If so, then you should have some avc denials pertaining to those device
nodes. ls -Z /dev/dri /dev/nvidia* might be interesting.
From VirtualGL website they also have:
vglgenkey Issues
Currently, the only known way to make vglgenkey work (vglgenkey is
used to grant 3D X Server access to members of the vglusers group) is
to disable SELinux. With SELinux enabled, the /usr/bin/xauth file is
hidden within the context of the GDM startup scripts, so vglgenkey has
no way of generating or importing an xauth key
to /etc/opt/VirtualGL/vgl_xauth_key (and, for that matter, access is
denied to /etc/opt/VirtualGL as well.)
If so, then you should have some avc denials pertaining to running xauth
or reading .Xauthority or accessing /etc/opt/VirtualGL. ls -Z
$HOME/.Xauthority might be interesting.
I did not see any messages in the /var/log/audit/audit.log when running xauth
even with semodule -DB.
[root@mymachine ~]# ls -Z /home/myuser/.Xauthority
-rw-------. myuser cses unconfined_u:object_r:xauth_home_t:s0 /home/myuser/.Xauthority
[root@mymachine ~]# semodule -DB
[root@mymachine ~]# strace xauth -f /etc/opt/VirtualGL/vgl_xauth_key generate :0.0 . trusted timeout 0
execve("/usr/bin/xauth", ["xauth", "-f", "/etc/opt/VirtualGL/vgl_xauth_key", "generate", ":0.0", ".", "trusted", "timeout", "0"], [/* 33 vars */]) = 0
brk(0) = 0x1a40000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd82000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=161072, ...}) = 0
mmap(NULL, 161072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f696bd5a000
close(3) = 0
open("/usr/lib64/libXau.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\r`\3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=13168, ...}) = 0
mmap(0x37fc600000, 2106112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc600000
mprotect(0x37fc602000, 2097152, PROT_NONE) = 0
mmap(0x37fc802000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fc802000
close(3) = 0
open("/usr/lib64/libXext.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2005\240\3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76848, ...}) = 0
mmap(0x37fca00000, 2170120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fca00000
mprotect(0x37fca11000, 2097152, PROT_NONE) = 0
mmap(0x37fcc11000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x37fcc11000
close(3) = 0
open("/usr/lib64/libXmuu.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\22 \3727\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=16400, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd59000
mmap(0x37fa200000, 2109200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fa200000
mprotect(0x37fa203000, 2093056, PROT_NONE) = 0
mmap(0x37fa402000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa402000
close(3) = 0
open("/usr/lib64/libX11.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\335\341\3737\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1308600, ...}) = 0
mmap(0x37fbe00000, 3403160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fbe00000
mprotect(0x37fbf39000, 2097152, PROT_NONE) = 0
mmap(0x37fc139000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139000) = 0x37fc139000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355a\3717\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1908792, ...}) = 0
mmap(0x37f9600000, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9600000
mprotect(0x37f9786000, 2097152, PROT_NONE) = 0
mmap(0x37f9986000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x37f9986000
mmap(0x37f998b000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37f998b000
close(3) = 0
open("/usr/lib64/libxcb.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\206 \3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112760, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd58000
mmap(0x37fc200000, 2205608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc200000
mprotect(0x37fc21b000, 2093056, PROT_NONE) = 0
mmap(0x37fc41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x37fc41a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\340\3717\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x37f9e00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9e00000
mprotect(0x37f9e02000, 2097152, PROT_NONE) = 0
mmap(0x37fa002000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa002000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd57000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd56000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f696bd55000
arch_prctl(ARCH_SET_FS, 0x7f696bd56700) = 0
mprotect(0x37f9986000, 16384, PROT_READ) = 0
mprotect(0x37fa002000, 4096, PROT_READ) = 0
mprotect(0x37f941f000, 4096, PROT_READ) = 0
munmap(0x7f696bd5a000, 161072) = 0
rt_sigaction(SIGINT, {0x403f40, [INT], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x403f40, [TERM], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x403f40, [HUP], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x403f40, [PIPE], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
stat("/etc/opt/VirtualGL/vgl_xauth_key-c", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
write(2, "xauth: error in locking authori"..., 73xauth: error in locking authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 73
exit_group(1) = ?
[root@mymachine ~]# rm /etc/opt/VirtualGL/vgl_xauth_key-c
rm: remove regular empty file `/etc/opt/VirtualGL/vgl_xauth_key-c'? y
[root@mymachine ~]# strace xauth -vvv -f /etc/opt/VirtualGL/vgl_xauth_key generate :0.0 . trusted timeout 0
execve("/usr/bin/xauth", ["xauth", "-vvv", "-f", "/etc/opt/VirtualGL/vgl_xauth_key", "generate", ":0.0", ".", "trusted", "timeout", "0"], [/* 33 vars */]) = 0
brk(0) = 0x12cc000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13dc000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=161072, ...}) = 0
mmap(NULL, 161072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f80b13b4000
close(3) = 0
open("/usr/lib64/libXau.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\r`\3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=13168, ...}) = 0
mmap(0x37fc600000, 2106112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc600000
mprotect(0x37fc602000, 2097152, PROT_NONE) = 0
mmap(0x37fc802000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fc802000
close(3) = 0
open("/usr/lib64/libXext.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2005\240\3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76848, ...}) = 0
mmap(0x37fca00000, 2170120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fca00000
mprotect(0x37fca11000, 2097152, PROT_NONE) = 0
mmap(0x37fcc11000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x37fcc11000
close(3) = 0
open("/usr/lib64/libXmuu.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\22 \3727\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=16400, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13b3000
mmap(0x37fa200000, 2109200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fa200000
mprotect(0x37fa203000, 2093056, PROT_NONE) = 0
mmap(0x37fa402000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa402000
close(3) = 0
open("/usr/lib64/libX11.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\335\341\3737\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1308600, ...}) = 0
mmap(0x37fbe00000, 3403160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fbe00000
mprotect(0x37fbf39000, 2097152, PROT_NONE) = 0
mmap(0x37fc139000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139000) = 0x37fc139000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355a\3717\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1908792, ...}) = 0
mmap(0x37f9600000, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9600000
mprotect(0x37f9786000, 2097152, PROT_NONE) = 0
mmap(0x37f9986000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x37f9986000
mmap(0x37f998b000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37f998b000
close(3) = 0
open("/usr/lib64/libxcb.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\206 \3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112760, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13b2000
mmap(0x37fc200000, 2205608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc200000
mprotect(0x37fc21b000, 2093056, PROT_NONE) = 0
mmap(0x37fc41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x37fc41a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\340\3717\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x37f9e00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9e00000
mprotect(0x37f9e02000, 2097152, PROT_NONE) = 0
mmap(0x37fa002000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa002000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13b1000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13b0000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80b13af000
arch_prctl(ARCH_SET_FS, 0x7f80b13b0700) = 0
mprotect(0x37f9986000, 16384, PROT_READ) = 0
mprotect(0x37fa002000, 4096, PROT_READ) = 0
mprotect(0x37f941f000, 4096, PROT_READ) = 0
munmap(0x7f80b13b4000, 161072) = 0
rt_sigaction(SIGINT, {0x403f40, [INT], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x403f40, [TERM], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x403f40, [HUP], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x403f40, [PIPE], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
stat("/etc/opt/VirtualGL/vgl_xauth_key-c", 0x7fff3f1050a0) = -1 ENOENT (No such file or directory)
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, 0x7fff3f105060) = 0
write(2, "xauth: timeout in locking autho"..., 75xauth: timeout in locking authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 75
exit_group(1) = ?
[root@mymachine ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@mymachine ~]# setenforce permissive
[root@mymachine ~]# strace xauth -vvv -f /etc/opt/VirtualGL/vgl_xauth_key generate :0.0 . trusted timeout 0
execve("/usr/bin/xauth", ["xauth", "-vvv", "-f", "/etc/opt/VirtualGL/vgl_xauth_key", "generate", ":0.0", ".", "trusted", "timeout", "0"], [/* 33 vars */]) = 0
brk(0) = 0x1fc1000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9067658000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=161072, ...}) = 0
mmap(NULL, 161072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9067630000
close(3) = 0
open("/usr/lib64/libXau.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\r`\3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=13168, ...}) = 0
mmap(0x37fc600000, 2106112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc600000
mprotect(0x37fc602000, 2097152, PROT_NONE) = 0
mmap(0x37fc802000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fc802000
close(3) = 0
open("/usr/lib64/libXext.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2005\240\3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76848, ...}) = 0
mmap(0x37fca00000, 2170120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fca00000
mprotect(0x37fca11000, 2097152, PROT_NONE) = 0
mmap(0x37fcc11000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x37fcc11000
close(3) = 0
open("/usr/lib64/libXmuu.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\22 \3727\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=16400, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762f000
mmap(0x37fa200000, 2109200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fa200000
mprotect(0x37fa203000, 2093056, PROT_NONE) = 0
mmap(0x37fa402000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa402000
close(3) = 0
open("/usr/lib64/libX11.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\335\341\3737\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1308600, ...}) = 0
mmap(0x37fbe00000, 3403160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fbe00000
mprotect(0x37fbf39000, 2097152, PROT_NONE) = 0
mmap(0x37fc139000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139000) = 0x37fc139000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355a\3717\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1908792, ...}) = 0
mmap(0x37f9600000, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9600000
mprotect(0x37f9786000, 2097152, PROT_NONE) = 0
mmap(0x37f9986000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x37f9986000
mmap(0x37f998b000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37f998b000
close(3) = 0
open("/usr/lib64/libxcb.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\206 \3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112760, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762e000
mmap(0x37fc200000, 2205608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc200000
mprotect(0x37fc21b000, 2093056, PROT_NONE) = 0
mmap(0x37fc41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x37fc41a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\340\3717\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x37f9e00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9e00000
mprotect(0x37f9e02000, 2097152, PROT_NONE) = 0
mmap(0x37fa002000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa002000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762d000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f906762b000
arch_prctl(ARCH_SET_FS, 0x7f906762c700) = 0
mprotect(0x37f9986000, 16384, PROT_READ) = 0
mprotect(0x37fa002000, 4096, PROT_READ) = 0
mprotect(0x37f941f000, 4096, PROT_READ) = 0
munmap(0x7f9067630000, 161072) = 0
rt_sigaction(SIGINT, {0x403f40, [INT], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x403f40, [TERM], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x403f40, [HUP], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x403f40, [PIPE], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
stat("/etc/opt/VirtualGL/vgl_xauth_key-c", 0x7fff037ae1e0) = -1 ENOENT (No such file or directory)
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3
close(3) = 0
statfs("/etc/opt/VirtualGL/vgl_xauth_key-c", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=37797427, f_bfree=22169622, f_bavail=20249622, f_files=9601024, f_ffree=9018205, f_fsid={1618940619, -282490467}, f_namelen=255, f_frsize=4096}) = 0
link("/etc/opt/VirtualGL/vgl_xauth_key-c", "/etc/opt/VirtualGL/vgl_xauth_key-l") = 0
access("/etc/opt/VirtualGL/vgl_xauth_key", F_OK) = -1 ENOENT (No such file or directory)
umask(077) = 022
brk(0) = 0x1fc1000
brk(0x1fe2000) = 0x1fe2000
open("/etc/opt/VirtualGL/vgl_xauth_key", O_RDONLY) = -1 ENOENT (No such file or directory)
access("/etc/opt/VirtualGL/vgl_xauth_key", F_OK) = -1 ENOENT (No such file or directory)
write(2, "xauth: creating new authority f"..., 69xauth: creating new authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 69
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9067657000
write(1, "Using authority file /etc/opt/Vi"..., 54Using authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 54
socket(PF_FILE, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_FILE, path=@"/tmp/.X11-unix/X0"}, 20) = 0
getpeername(3, {sa_family=AF_FILE, path=@"/tmp/.X11-unix/X0"}, [20]) = 0
uname({sys="Linux", node="mymachine.domain.org", ...}) = 0
access("/var/run/gdm/auth-for-myuser-8uJHLe/database", R_OK) = 0
open("/var/run/gdm/auth-for-myuser-8uJHLe/database", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0600, st_size=65, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9067656000
read(4, "\1\0\0\24mymachine.domain.org\0\0010\0\22MIT"..., 4096) = 65
close(4) = 0
munmap(0x7f9067656000, 4096) = 0
getsockname(3, {sa_family=AF_FILE, NULL}, [2]) = 0
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"l\0\v\0\0\0\22\0\20\0\0\0", 12}, {"", 0}, {"MIT-MAGIC-COOKIE-1", 18}, {"\0\0", 2}, {"\5\342\233\2637\16\266\371\366\21\307\210z<Bz", 16}, {"", 0}], 6) = 48
read(3, 0x1fc75b0, 8) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\0\v\0\0\0\2\3", 8) = 8
read(3, "`\350\247\0\0\0@\3\377\377\37\0\0\1\0\0\r\0\377\377\1\7\0\0 \10\377\0\0\0\0"..., 3080) = 3080
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"b\0\5\0\f\0\0\0BIG-REQUESTS", 20}], 1) = 20
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\0\1\0\0\0\0\0\1\222\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"\222\0\1\0", 4}], 1) = 4
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\0\2\0\0\0\0\0\377\377?\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"7\0\5\0\0\0@\3\255\1\0\0\10\0\0\0\377\377\377\0\24\0\6\0\255\1\0\0\27\0\0\0"..., 44}, {NULL, 0}, {"", 0}], 3) = 44
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\10\4\0(\0\0\0\37\0\0\0\0\0\0\0\237\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 192
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"b\0\5\0\t\0@\3", 8}, {"XKEYBOARD", 9}, {"\0\0\0", 3}], 3) = 20
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\0\5\0\0\0\0\0\1\224w\253\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"\224\0\2\0\1\0\0\0", 8}, {NULL, 0}, {"", 0}], 3) = 8
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\1\6\0\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"b\0\4\0\10\0\0\0", 8}, {"SECURITY", 8}, {"", 0}], 3) = 16
poll([{fd=3, events=POLLIN}], 1, -1) = 1 ([{fd=3, revents=POLLIN}])
read(3, "\1\0\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 32
read(3, 0x1fc2414, 4096) = -1 EAGAIN (Resource temporarily unavailable)
write(2, "xauth: (argv):1: ", 18xauth: (argv):1: ) = 18
write(2, "couldn't query Security extensio"..., 52couldn't query Security extension on display ":0.0"
) = 52
unlink("/etc/opt/VirtualGL/vgl_xauth_key-c") = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-l") = 0
umask(022) = 077
exit_group(1) = ?
[root@mymachine ~]# semodule -B
And normally this is what vglgenkey would do, it is a script that calls xauth, this is the
script with -x and strace of the second xauth.
[root@mymachine myuser]# vglgenkey
+ XAUTH=xauth
+ '[' -x /usr/X11R6/bin/xauth ']'
+ '[' -x /usr/openwin/bin/xauth ']'
+ '[' '!' -d /etc/opt/VirtualGL ']'
+ '[' -f /etc/opt/VirtualGL/vgl_xauth_key ']'
+ rm /etc/opt/VirtualGL/vgl_xauth_key
+ xauth -f /etc/opt/VirtualGL/vgl_xauth_key generate :0.0 . trusted timeout 0
xauth: creating new authority file /etc/opt/VirtualGL/vgl_xauth_key
xauth: (argv):1: couldn't query Security extension on display ":0.0"
++ xauth list
++ awk '{print $3}'
+ strace xauth -f /etc/opt/VirtualGL/vgl_xauth_key add :0.0 . 05e29bb3370eb6f9f611c7887a3c427a
execve("/usr/bin/xauth", ["xauth", "-f", "/etc/opt/VirtualGL/vgl_xauth_key", "add", ":0.0", ".", "05e29bb3370eb6f9f611c7887a3c427a"], [/* 32 vars */]) = 0
brk(0) = 0xbd5000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4e21000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=161072, ...}) = 0
mmap(NULL, 161072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f30a4df9000
close(3) = 0
open("/usr/lib64/libXau.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\r`\3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=13168, ...}) = 0
mmap(0x37fc600000, 2106112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc600000
mprotect(0x37fc602000, 2097152, PROT_NONE) = 0
mmap(0x37fc802000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fc802000
close(3) = 0
open("/usr/lib64/libXext.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2005\240\3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=76848, ...}) = 0
mmap(0x37fca00000, 2170120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fca00000
mprotect(0x37fca11000, 2097152, PROT_NONE) = 0
mmap(0x37fcc11000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x37fcc11000
close(3) = 0
open("/usr/lib64/libXmuu.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\22 \3727\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=16400, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df8000
mmap(0x37fa200000, 2109200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fa200000
mprotect(0x37fa203000, 2093056, PROT_NONE) = 0
mmap(0x37fa402000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa402000
close(3) = 0
open("/usr/lib64/libX11.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\335\341\3737\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1308600, ...}) = 0
mmap(0x37fbe00000, 3403160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fbe00000
mprotect(0x37fbf39000, 2097152, PROT_NONE) = 0
mmap(0x37fc139000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139000) = 0x37fc139000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355a\3717\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1908792, ...}) = 0
mmap(0x37f9600000, 3733672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9600000
mprotect(0x37f9786000, 2097152, PROT_NONE) = 0
mmap(0x37f9986000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x186000) = 0x37f9986000
mmap(0x37f998b000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x37f998b000
close(3) = 0
open("/usr/lib64/libxcb.so.1", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\206 \3747\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112760, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df7000
mmap(0x37fc200000, 2205608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37fc200000
mprotect(0x37fc21b000, 2093056, PROT_NONE) = 0
mmap(0x37fc41a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x37fc41a000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\340\3717\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=22536, ...}) = 0
mmap(0x37f9e00000, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x37f9e00000
mprotect(0x37f9e02000, 2097152, PROT_NONE) = 0
mmap(0x37fa002000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x37fa002000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df6000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df5000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4df4000
arch_prctl(ARCH_SET_FS, 0x7f30a4df5700) = 0
mprotect(0x37f9986000, 16384, PROT_READ) = 0
mprotect(0x37fa002000, 4096, PROT_READ) = 0
mprotect(0x37f941f000, 4096, PROT_READ) = 0
munmap(0x7f30a4df9000, 161072) = 0
rt_sigaction(SIGINT, {0x403f40, [INT], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x403f40, [TERM], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x403f40, [HUP], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x403f40, [PIPE], SA_RESTORER|SA_RESTART, 0x37f9632900}, {SIG_DFL, [], 0}, 8) = 0
stat("/etc/opt/VirtualGL/vgl_xauth_key-c", 0x7fffc2278980) = -1 ENOENT (No such file or directory)
open("/etc/opt/VirtualGL/vgl_xauth_key-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3
close(3) = 0
statfs("/etc/opt/VirtualGL/vgl_xauth_key-c", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=37797427, f_bfree=22169618, f_bavail=20249618, f_files=9601024, f_ffree=9018201, f_fsid={1618940619, -282490467}, f_namelen=255, f_frsize=4096}) = 0
link("/etc/opt/VirtualGL/vgl_xauth_key-c", "/etc/opt/VirtualGL/vgl_xauth_key-l") = 0
access("/etc/opt/VirtualGL/vgl_xauth_key", F_OK) = -1 ENOENT (No such file or directory)
umask(077) = 022
brk(0) = 0xbd5000
brk(0xbf6000) = 0xbf6000
open("/etc/opt/VirtualGL/vgl_xauth_key", O_RDONLY) = -1 ENOENT (No such file or directory)
access("/etc/opt/VirtualGL/vgl_xauth_key", F_OK) = -1 ENOENT (No such file or directory)
write(2, "xauth: creating new authority f"..., 69xauth: creating new authority file /etc/opt/VirtualGL/vgl_xauth_key
) = 69
uname({sys="Linux", node="mymachine.domain.org", ...}) = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-n") = -1 ENOENT (No such file or directory)
open("/etc/opt/VirtualGL/vgl_xauth_key-n", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3
fcntl(3, F_GETFL) = 0x8001 (flags O_WRONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30a4e20000
lseek(3, 0, SEEK_CUR) = 0
write(3, "\1\0\0\24mymachine.domain.org\0\0010\0\22MIT"..., 65) = 65
close(3) = 0
munmap(0x7f30a4e20000, 4096) = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key") = -1 ENOENT (No such file or directory)
link("/etc/opt/VirtualGL/vgl_xauth_key-n", "/etc/opt/VirtualGL/vgl_xauth_key") = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-n") = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-c") = 0
unlink("/etc/opt/VirtualGL/vgl_xauth_key-l") = 0
umask(022) = 077
exit_group(0) = ?
+ chmod 644 /etc/opt/VirtualGL/vgl_xauth_key
[root@mymachine myuser]# ls -Z /etc/opt/VirtualGL/vgl_xauth_key
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/opt/VirtualGL/vgl_xauth_key
