gdm has problems with selinux or vice versa

Antonio Olivares olivares14031 at yahoo.com
Sun Nov 11 16:40:37 UTC 2007 

Dear all,

after updating and getting the INIT: error that I had posted before, I can login by pressing enter and get X, however, when starting up I am greeted by setroubleshooter with some messages 

[olivares at localhost ~]$ cat /etc/fedora-release 
Fedora release 8.90 (Rawhide)
[olivares at localhost ~]$ date
Sun Nov 11 10:40:25 CST 2007
[olivares at localhost ~]$ 

I try to apply the fix suggested, but it does not seem to be working :(

Summary
    SELinux is preventing gdm (xdm_t) "execute" to <Unknown> (rpm_exec_t).

Detailed Description
    SELinux denied access requested by gdm. It is not expected that this access
    is required by gdm and this access may signal an intrusion attempt. It is
    also possible that the specific version or configuration of the application
    is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for <Unknown>, restorecon -v
    <Unknown> If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context                system_u:object_r:rpm_exec_t
Target Objects                None [ file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.0.8-44.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost
Platform                      Linux localhost 2.6.23.1-42.fc8 #1 SMP Tue Oct 30
                              13:55:12 EDT 2007 i686 athlon
Alert Count                   162
First Seen                    Sun 11 Nov 2007 09:11:06 AM CST
Last Seen                     Sun 11 Nov 2007 10:36:27 AM CST
Local ID                      f3168196-46ac-4951-ab61-b3b218534bb2
Line Numbers                  

Raw Audit Messages            

avc: denied { execute } for comm=gdm dev=dm-0 name=rpm pid=8443
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file
tcontext=system_u:object_r:rpm_exec_t:s0





Summary
    SELinux is preventing gdm (xdm_t) "getattr" to /bin/rpm (rpm_exec_t).

Detailed Description
    SELinux denied access requested by gdm. It is not expected that this access
    is required by gdm and this access may signal an intrusion attempt. It is
    also possible that the specific version or configuration of the application
    is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for /bin/rpm, restorecon -v /bin/rpm
    If this does not work, there is currently no automatic way to allow this
    access. Instead,  you can generate a local policy module to allow this
    access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you
    can disable SELinux protection altogether. Disabling SELinux protection is
    not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context                system_u:object_r:rpm_exec_t
Target Objects                /bin/rpm [ file ]
Affected RPM Packages         rpm-4.4.2.2-7.fc9 [target]
Policy RPM                    selinux-policy-3.0.8-44.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost
Platform                      Linux localhost 2.6.23.1-42.fc8 #1 SMP Tue Oct 30
                              13:55:12 EDT 2007 i686 athlon
Alert Count                   180
First Seen                    Sun 11 Nov 2007 09:11:06 AM CST
Last Seen                     Sun 11 Nov 2007 10:36:27 AM CST
Local ID                      e1676a84-c6d0-45b8-97d7-c7cae2d755c1
Line Numbers                  

Raw Audit Messages            

avc: denied { getattr } for comm=gdm dev=dm-0 egid=0 euid=0 exe=/bin/bash
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 path=/bin/rpm pid=8443
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:rpm_exec_t:s0 tty=(none) uid=0


Thanks,

Antonio 



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the fedora-selinux-list mailing list