fedora 9/10 Guest account?

Matt Nicholson sjoeboo at sjoeboo.com
Tue Nov 4 15:22:55 UTC 2008


Hmm, doesn't seem to be working:

This is on a fully updated F9 install, selinux in enforcing mode, xguest
installed. When trying to log in as the Guest user:

Summary:

SELinux is preventing dbus-daemon (xguest_dbusd_t) "read write" to socket
(xguest_t).

Detailed Description:

SELinux denied access requested by dbus-daemon. It is not expected that this
access is required by dbus-daemon and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                xguest_u:xguest_r:xguest_dbusd_t:s0
Target Context                xguest_u:xguest_r:xguest_t:s0
Target Objects                socket [ unix_stream_socket ]
Source                        dbus-daemon
Source Path                   /bin/dbus-daemon
Port                          <Unknown>
Host                          dhcp-0016533596-c5-74
Source RPM Packages           dbus-1.2.4-1.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-103.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     dhcp-0016533596-c5-74
Platform                      Linux dhcp-0016533596-c5-74 2.6.26.6-79.fc9.i686
                              #1 SMP Fri Oct 17 14:52:14 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Tue Nov  4 10:20:32 2008
Last Seen                     Tue Nov  4 10:20:32 2008
Local ID                      6306343f-6166-4ca6-ada5-770e4c3a3a91
Line Numbers

Raw Audit Messages

host=dhcp-0016533596-c5-74 type=AVC msg=audit(1225812032.80:22): avc:
denied  { read write } for  pid=2820 comm="dbus-daemon"
path="socket:[29372]" dev=sockfs ino=29372
scontext=xguest_u:xguest_r:xguest_dbusd_t:s0
tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=unix_stream_socket

host=dhcp-0016533596-c5-74 type=SYSCALL msg=audit(1225812032.80:22):
arch=40000003 syscall=11 success=yes exit=0 a0=804c8f7 a1=bfcd858c
a2=bfcd99b4 a3=7 items=0 ppid=2819 pid=2820 auid=35027 uid=35027 gid=35027
euid=35027 suid=35027 fsuid=35027 egid=35027 sgid=35027 fsgid=35027
tty=(none) ses=2 comm="dbus-daemon" exe="/bin/dbus-daemon"
subj=xguest_u:xguest_r:xguest_dbusd_t:s0 key=(null)



Any help/ideas?

On Tue, Nov 4, 2008 at 9:37 AM, Matt Nicholson <sjoeboo at sjoeboo.com> wrote:

>
> Hmm, interesting. I'm rebuilding my image with that package installed, and
> selinux in enforcing mode on a test vm right now, and I'll see how it goes.
>
> Thanks,
>
> Matt
>
> On Mon, Nov 3, 2008 at 3:36 PM, Doncho N. Gunchev <
> dgunchev at dev.ezsearch.net> wrote:
>
>> Matt Nicholson wrote:
>>
>>> I'm looking to get a guest account set up, possibly on a whole host of
>>> workstations I run running F9.
>>> These workstations auth against an ldap/kerberos setup we have, fyi.
>>>
>>> So far, my idea is to create a local "guest" user, and use pam_mount to
>>> create a tmpfs home directory for the guest user on login, so that it will
>>> be removed on logout. I want this user to only be able to log in through GDM.
>>>
>>> Does anyone have any experience doing something like this? Is there any
>>> thought of taking the Guest user system Ubuntu recently implemented on?
>>>
>>> Any help/ideas would be great.
>>>
>>> Matt
>>>
>> What about http://james-morris.livejournal.com/25640.html :-)
>>
>
>
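The two raw audit records in the report above share one event ID, so they can be read together. The following is an added example, not part of the original post or of any Fedora tool: it pairs the AVC and SYSCALL records and prints the type-enforcement rule a local policy module would have to contain. The function names and the abridged SYSCALL record are assumptions of the example.

```python
import re

# Records copied from the post's "Raw Audit Messages" (line wraps joined;
# the SYSCALL record is abridged to the fields used here).
RAW = [
    'host=dhcp-0016533596-c5-74 type=AVC msg=audit(1225812032.80:22): avc: '
    'denied  { read write } for  pid=2820 comm="dbus-daemon" '
    'path="socket:[29372]" dev=sockfs ino=29372 '
    'scontext=xguest_u:xguest_r:xguest_dbusd_t:s0 '
    'tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=unix_stream_socket',
    'host=dhcp-0016533596-c5-74 type=SYSCALL msg=audit(1225812032.80:22): '
    'arch=40000003 syscall=11 success=yes exit=0 ppid=2819 pid=2820 '
    'comm="dbus-daemon" exe="/bin/dbus-daemon" '
    'subj=xguest_u:xguest_r:xguest_dbusd_t:s0 key=(null)',
]

EVENT = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EXECVE = {('40000003', '11')}  # i386 execve only; extend per architecture

def parse(line):
    """Turn one audit line into a dict of its key=value fields."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec['type'], rec['event'] = EVENT.search(line).groups()
    perms = PERMS.search(line)
    if perms:
        rec['perms'] = perms.group(1).split()
    return rec

def triage(lines):
    """Group records by audit event ID and summarise each denial."""
    events = {}
    for rec in map(parse, lines):
        events.setdefault(rec['event'], {})[rec['type']] = rec
    out = []
    for event, recs in events.items():
        avc, sc = recs.get('AVC'), recs.get('SYSCALL', {})
        if avc is None:
            continue
        src, tgt = (avc[k].split(':')[2] for k in ('scontext', 'tcontext'))
        out.append({
            'event': event,
            'rule': 'allow %s %s:%s { %s };'
                    % (src, tgt, avc['tclass'], ' '.join(avc['perms'])),
            # Heuristic: a denial logged during execve usually concerns a
            # descriptor inherited from the parent, not one the program opened.
            'at_exec': (sc.get('arch'), sc.get('syscall')) in EXECVE,
            'succeeded': sc.get('success') == 'yes',
        })
    return out

if __name__ == '__main__':
    for row in triage(RAW):
        print(row)
```

Here the denial is logged while `/bin/dbus-daemon` is being exec'd and the call still succeeds, which is worth knowing before deciding whether a local allow rule is the right response.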