up2date/seaudit/... not working (EXPLAINED)
Tom London
selinux at comcast.net
Fri Jun 18 19:00:44 UTC 2004
Running off of the development tree, I couldn't get graphical apps (like
up2date, seaudit, ...) working when su'ed as root. All of this works
fine on a 'stock FC2' machine (running off
of the base and released-updates trees).
The problem seems to be that the latest packages cause 'su' to change
the settings of XAUTHORITY environment variable from
'XAUTHORITY=/home/USER/.Xauthority' to
'XAUTHORITY=/root/.xauthABCD' (ABCD the usual 'uniqueness' stuff).
If you manually reset XAUTHORITY back to '/home/USER/.Xauthority', the
apps work
again.
Here's a bit of added strangeness: if you start 'xauth' in another user
window and then
try 'su -l', XAUTHORITY is not changed in the root shell. No AVCs against
/root/.authABCD either....
[On the 'stock FC2' machine, XAUTHORITY is not modified by su.]
I've bugzilla'ed this
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126300)
against coreutils, but I'm not sure that is the right place (e.g.,
pam?). (All my systems
run with SELinux enabled, so I can only assume this is occurring on
SELinux-disabled
systems as well.)
Can someone explain why 'su' would be changing XAUTHORITY ?
thanks,
tom
More information about the fedora-selinux-list
mailing list