AVC:s on xauth file when doing su
Daniel J Walsh
dwalsh at redhat.com
Thu Dec 31 14:09:44 UTC 2009
On 12/30/2009 11:14 AM, Göran Uddeborg wrote:
> Dominick Grift:
>> Well for starters the file is mislabeled:
>
>> The Question is: why did this not happen?
>
> Thanks for your analysis.
>
> I'll try to investigate exactly when this happens. And if it turns
> out to be something policy-related (rather than something that has
> gone wrong locally) I'll file a bugzilla.
>
>> Remove the file and see if xauth creates a new one and what the type
>> of the newly created file is: ls -alZ /root | grep .xauth
>
> Now it gets a context of xauth_home_t. (As usual, bugs hide when you
> start looking for them!)
>
>> What distro are you using?
>
> Fedora 12. I recently upgraded the policy to
> selinux-policy-3.6.32-63.fc12.
>
>> BTW: It is not encouraged to login as root via ssh (-X)
>
> :-) Between two trusted hosts on a trusted local, wired, network, I'm
> not too worried. (I don't actually log in as root. I log in as
> myself and do su or sudo. But I guess that part doesn't really make
> much difference.)
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
There have been some fixes around the handling of xauth in the latest policies, so this might have fixed your problems.
More information about the fedora-selinux-list
mailing list