Empty trash in Gnome

Dawid Gajownik gajownik at fedora.pl
Thu Mar 30 18:44:19 UTC 2006


Hi!
	My friend noticed that with SELinux in enforcing mode ~/.Trash is full 
of files, but he cannot remove them -- clicking on the trash icon placed 
on the desktop shows an empty directory.

I reproduced this bug on my machine (FC5, 
selinux-policy-targeted-2.2.25-2.fc5, Gnome 2.14) and found this avc 
message:

Mar 30 19:19:47 X kernel: audit(1143739187.507:65): avc:  denied  { getattr } for  pid=1810 comm="hald" name="/" dev=hda6 ino=2 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir

Using audit2allow I created the kosz.pp module and this resolved the problem 
(you need to reboot or restart the haldaemon service). Here's the content of 
the te file:

[root@X ~]# cat kosz.te
module kosz 1.0;

require {
         role object_r;
         role system_r;

         class dir getattr;

         type hald_t;
         type home_root_t;
  };


allow hald_t home_root_t:dir getattr;
[root@X ~]#

Maybe the default policy should be fixed?

Thanks,
	Dawid

-- 

   ^_*
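
How the AVC denial quoted in the message above maps to the allow rule in kosz.te, as an added example that is not part of the original post and is not audit2allow's own code. The function names `parse_avc` and `allow_rule` are hypothetical; the sample record is the one from the post, joined onto one line.

```python
import re

# AVC record quoted in the post, joined onto one line.
SAMPLE_AVC = (
    'Mar 30 19:19:47 X kernel: audit(1143739187.507:65): avc:  denied  '
    '{ getattr } for  pid=1810 comm="hald" name="/" dev=hda6 ino=2 '
    'scontext=system_u:system_r:hald_t:s0 '
    'tcontext=system_u:object_r:home_root_t:s0 tclass=dir'
)

# Permissions sit between braces; key=value fields follow the word "for".
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)'
)


def parse_avc(line):
    """Return perms, source type, target type and class, or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('fields')))
    try:
        # A context is user:role:type[:mls-range]; the type is the third field.
        source = fields['scontext'].split(':')[2]
        target = fields['tcontext'].split(':')[2]
        tclass = fields['tclass']
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {
        'perms': m.group('perms').split(),
        'source': source,
        'target': target,
        'tclass': tclass,
        'comm': fields.get('comm', '').strip('"'),
    }


def allow_rule(avc):
    """Format the type-enforcement rule that would permit the denied access."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {avc['source']} {avc['target']}:{avc['tclass']} {perm_text};"


if __name__ == '__main__':
    print(allow_rule(parse_avc(SAMPLE_AVC)))
```

Seeing the rule derived field by field makes it easy to review exactly what a generated module grants before loading it: here, only `getattr` on `home_root_t` directories for `hald_t`.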



