./xauth?

Carl D. Roth roth at ursus.net
Fri Jul 11 15:43:04 UTC 2008


On Fri, 11 Jul 2008 08:14:21 -0700, Dan Thurman wrote:

> I am not sure what this is, and /.xauth does not exist, but here is the
> log:
> ================================
> Summary:
> 
> SELinux is preventing su (initrc_su_t) "execute" to ./xauth
> (xauth_exec_t).
> 
> Detailed Description:
> 

I had that happen on one of my systems too.  It was starting a service in
init.d that changed user IDs via 'su'.  Since it was a headless
application (i.e. a daemon), I chose to ignore the errors as follows:

  gen_require(`
    type initrc_su_t;
    type sshd_t;
    type xauth_exec_t;
  ')

  dontaudit initrc_su_t sshd_t:key { search };
  dontaudit initrc_su_t xauth_exec_t:file { execute };

As you can see, the 'su' session also tried to grovel around for SSH keys.

C
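
An added example, not part of the original post: a Python sketch that derives dontaudit rules like the ones above from AVC denial records, restricted to one reviewed source domain so that denials from other domains stay visible. The log records and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Fields of an AVC denial record that a dontaudit rule is built from.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def dontaudit_rules(log_text, source_domain):
    """Build dontaudit rules only for denials whose source type is source_domain."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        src = context_type(m.group("scon"))
        if src != source_domain:
            continue  # never silence a domain that was not reviewed
        key = (src, context_type(m.group("tcon")), m.group("tclass"))
        perms[key].update(m.group("perms").split())
    # One rule per (source, target, class), permissions merged and sorted.
    return [
        f"dontaudit {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in sorted(perms.items())
    ]

# Constructed sample records (not taken from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1215790000.101:41): avc:  denied  { execute } for  pid=2101 comm="su" name="xauth" dev=dm-0 ino=1001 scontext=system_u:system_r:initrc_su_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=file
type=AVC msg=audit(1215790000.102:42): avc:  denied  { search } for  pid=2101 comm="su" scontext=system_u:system_r:initrc_su_t:s0 tcontext=system_u:system_r:sshd_t:s0 tclass=key
type=AVC msg=audit(1215790000.103:43): avc:  denied  { read } for  pid=2200 comm="httpd" name="shadow" dev=dm-0 ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

if __name__ == "__main__":
    for rule in dontaudit_rules(SAMPLE_LOG, "initrc_su_t"):
        print(rule)
```

Rules like these hide the matching denials from the audit log; `semodule -DB` rebuilds the policy with dontaudit rules disabled when the denials need to be seen again, and `semodule -B` restores them.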




More information about the fedora-selinux-list mailing list