./xauth?

Paul Howarth paul at city-fan.org
Fri Jul 11 15:57:57 UTC 2008


Carl D. Roth wrote:
> On Fri, 11 Jul 2008 08:14:21 -0700, Dan Thurman wrote:
> 
>> I am not sure what this is, and /.xauth does not exist, but here is the
>> log:
>> ================================
>> Summary:
>>
>> SELinux is preventing su (initrc_su_t) "execute" to ./xauth
>> (xauth_exec_t).
>>
>> Detailed Description:
>>
> 
> I had that happen on one of my systems too.  It was starting a service in 
> init.d that changed userids via 'su'.  Since it was a headless
> application (i.e. daemon) I chose to ignore the errors as follows:
> 
>   gen_require(`
>     type initrc_su_t;
>     type sshd_t;
>     type xauth_exec_t;
>   ')
> 
>   dontaudit initrc_su_t sshd_t:key { search };
>   dontaudit initrc_su_t xauth_exec_t:file { execute };
> 
> As you can see, the 'su' session also tried to grovel around for SSH keys.

Does it behave better if you use "runuser" instead of "su"?

Paul.
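
Added example, not part of the original thread: a small triage script that turns AVC denials into dontaudit rules only when they match an explicitly reviewed list (the two denials Carl describes), and reports everything else for review instead of silencing it. The log lines, the REVIEWED_NOISE list and the triage() helper are constructed for illustration; the emitted rules still need the gen_require block shown in the quoted message.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the original post), modelled on
# the two denials discussed in the thread plus one unrelated denial.
SAMPLE_LOG = """\
type=AVC msg=audit(1215790461.101:45): avc:  denied  { execute } for  pid=2345 comm="su" name="xauth" dev=dm-0 ino=12345 scontext=system_u:system_r:initrc_su_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=file
type=AVC msg=audit(1215790461.102:46): avc:  denied  { search } for  pid=2345 comm="su" scontext=system_u:system_r:initrc_su_t:s0 tcontext=system_u:system_r:sshd_t:s0 tclass=key
type=AVC msg=audit(1215790470.500:47): avc:  denied  { write } for  pid=2400 comm="su" name="shadow" dev=dm-0 ino=777 scontext=system_u:system_r:initrc_su_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

# Denials reviewed and judged harmless noise: (source, target, class, perm).
REVIEWED_NOISE = {
    ("initrc_su_t", "xauth_exec_t", "file", "execute"),
    ("initrc_su_t", "sshd_t", "key", "search"),
}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=[^:]+:[^:]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

def triage(log_text, reviewed=REVIEWED_NOISE):
    """Split AVC denials into dontaudit rules and denials needing review."""
    quiet = defaultdict(set)   # (src, tgt, cls) -> perms safe to silence
    review = []                # denials that must stay visible
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        src, tgt, cls = m["src"], m["tgt"], m["cls"]
        for perm in m["perms"].split():
            if (src, tgt, cls, perm) in reviewed:
                quiet[(src, tgt, cls)].add(perm)
            else:
                review.append((src, tgt, cls, perm))
    rules = [
        f"dontaudit {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in sorted(quiet.items())
    ]
    return rules, review

if __name__ == "__main__":
    rules, review = triage(SAMPLE_LOG)
    print("\n".join(rules))
    for item in review:
        print("REVIEW:", item)
```

Keeping the reviewed list narrow means a new denial from the same su session, such as the constructed shadow write above, stays visible in the audit log.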



