denied avc for wine
Antonio Olivares
olivares14031 at yahoo.com
Wed Sep 12 13:13:59 UTC 2007
Finally,
the denied avc for wine appeared. Wine started working yesterday and it is running now and here is the avc denial for it.
Summary
SELinux is preventing /usr/bin/Xorg (xdm_xserver_t) "unix_read unix_write"
to <Unknown> (wine_t).
Detailed Description
SELinux denied access requested by /usr/bin/Xorg. It is not expected that
this access is required by /usr/bin/Xorg and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.
Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:xdm_xserver_t:SystemLow-
SystemHigh
Target Context system_u:system_r:wine_t
Target Objects None [ shm ]
Affected RPM Packages xorg-x11-server-Xorg-1.3.0.0-23.fc8 [application]
Policy RPM selinux-policy-3.0.7-10.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall
Host Name localhost
Platform Linux localhost 2.6.23-0.174.rc6.fc8 #1 SMP Tue
Sep 11 19:06:17 EDT 2007 i686 athlon
Alert Count 2
First Seen Wed 12 Sep 2007 08:10:49 AM CDT
Last Seen Wed 12 Sep 2007 08:10:49 AM CDT
Local ID 8b5115b9-d7d8-40de-8f2b-5ffb7e7ecfb7
Line Numbers
Raw Audit Messages
avc: denied { unix_read, unix_write } for comm=X egid=0 euid=0 exe=/usr/bin/Xorg
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=2440
scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 suid=0 tclass=shm
tcontext=system_u:system_r:wine_t:s0 tty=tty7 uid=0
Please advice on how to deal with this. I was quiet and using another computer but now since wine started working I came back to it and I saw this.
Thanks,
Antonio
____________________________________________________________________________________
Yahoo! oneSearch: Finally, mobile search
that gives answers, not web links.
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
More information about the fedora-selinux-list
mailing list