AVC:s on xauth file when doing su
Göran Uddeborg
goeran at uddeborg.se
Wed Dec 30 16:14:59 UTC 2009
Dominick Grift:
> Well for starters the file is mislabeled:
> The Question is: why did this not happen?
Thanks for your analysis.
I'll try to investigate exactly when this happens. And if it turns
out to be something policy-related (rather than something that has
gone wrong locally) I'll file a bugzilla.
> Remove the file and see if xauth creates a new one and what the type
> of the newly created file is: ls -alZ /root | grep .xauth
Now it gets a context of xauth_home_t. (As usual, bugs hide when you
start looking for them!)
> What distro are you using?
Fedora 12. I recently upgraded the policy to
selinux-policy-3.6.32-63.fc12.
> BTW: It is not encouraged to login as root via ssh (-X)
:-) Between two trusted hosts on a trusted local, wired, network, I'm
not too worried. (I don't actually log in as root. I log in as
myself and do su or sudo. But I guess that part doesn't really make
much difference.)
More information about the fedora-selinux-list
mailing list