AVC messages at boot and kdm login (latest Rawhide)
Russell Coker
russell at coker.com.au
Sat Mar 13 05:28:45 UTC 2004
On Fri, 12 Mar 2004 02:12, Aleksey Nogin <aleksey at nogin.org> wrote:
> > How does /dev/input really work? As I understand it event0 could be a
> > keyboard or a mouse. So maybe we want a separate type for this so that
> > when using gpm it can access it, but when the user is granted direct
> > mouse access they can't read the keyboard directly.
> >
> > Does this make sense?
>
> May be. This is already reported -
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=117369

OK, that's fixed in my tree.

> >>Mar 11 04:20:42 dell kernel: audit(1079007642.899:0): avc: denied {
> >>write } for pid=2121 exe=/usr/bin/kdm_greet name=.qtrc.lock dev=hda2
> >>ino=670527 scontext=system_u:system_r:xdm_t
> >>tcontext=system_u:object_r:lib_t tclass=file
> >
> > What directory is this in?
>
> /usr/lib/qt-3.3/etc/settings/qtrc
>
> > We just need to get the directory in question
> > labeled as var_lib_xdm_t.
>
> Well, should it be writing to it, or just reading? I do not see why it
> would be reasonable for kdm_greet to touch it...

You may be right, but I think that's the smallest of our xdm related issues.
Currently the xdms want to do lots of stuff, creating files inside user home
dirs, chmod on device nodes, etc.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
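
An added example, not part of the original message or of any SELinux tool: a small Python parser that strips the mail quote markers from the AVC denial quoted above, rejoins the wrapped record, and pulls out the source domain, permission, class and target type that the thread is arguing about. The function names are hypothetical, the parser assumes the record was wrapped only at spaces, and the optional fourth (level) context field goes beyond the three-field contexts shown in the message.

```python
import re

# The denial quoted in the message above, with its quote markers and wrapping.
QUOTED = """\
> >>Mar 11 04:20:42 dell kernel: audit(1079007642.899:0): avc: denied {
> >>write } for pid=2121 exe=/usr/bin/kdm_greet name=.qtrc.lock dev=hda2
> >>ino=670527 scontext=system_u:system_r:xdm_t
> >>tcontext=system_u:object_r:lib_t tclass=file
"""

QUOTE_PREFIX = re.compile(r"^[>\s]+")
AVC = re.compile(
    r"audit\((?P<time>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+"
    r"(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)

def unquote(text):
    """Strip '>' quote markers and rejoin a record wrapped by the mail client."""
    parts = [QUOTE_PREFIX.sub("", line).strip() for line in text.splitlines()]
    return " ".join(p for p in parts if p)

def split_context(ctx):
    """Split user:role:type[:level]; the level field may itself contain ':'."""
    fields = ctx.split(":", 3)
    if len(fields) < 3:
        raise ValueError(f"malformed security context: {ctx!r}")
    return dict(zip(("user", "role", "type", "level"), fields))

def parse_avc(text):
    """Return the fields of one AVC record, or None if text holds no AVC message."""
    m = AVC.search(unquote(text))
    if m is None:
        return None
    rec = {"time": m["time"], "result": m["result"], "perms": m["perms"].split()}
    for token in m["rest"].split():          # space-separated key=value pairs
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    for key in ("scontext", "tcontext"):
        if key not in rec:
            raise ValueError(f"AVC record lacks {key}")
        rec[key] = split_context(rec[key])
    return rec

def summarize(rec):
    """One line naming the source domain, permission, class and target type."""
    return "{} {} {{ {} }} on {} labeled {} (name={})".format(
        rec["scontext"]["type"], rec["result"], " ".join(rec["perms"]),
        rec["tclass"], rec["tcontext"]["type"], rec.get("name", "?"))
```

Calling summarize(parse_avc(QUOTED)) reduces the record to the question under discussion: xdm_t was denied write on a file labeled lib_t.
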
More information about the fedora-selinux-list mailing list