gconf alert
Valent Turkovic
valent.turkovic at gmail.com
Sat Mar 22 12:55:51 UTC 2008
On Sat, Mar 22, 2008 at 1:55 PM, Valent Turkovic
<valent.turkovic at gmail.com> wrote:
>
> On Sat, Mar 22, 2008 at 12:14 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Valent Turkovic wrote:
> > > On Sat, Mar 22, 2008 at 12:20 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> > >> -----BEGIN PGP SIGNED MESSAGE-----
> > >> Hash: SHA1
> > >>
> > >>
> > >> Valent Turkovic wrote:
> > >> > Hi.
> > >> >
> > >> > I'm seeing lots of these alerts in rawhide.
> > >> > Is this "normal" or is it a gnome or selinux issue or is my system problematic?
> > >> >
> > >> > Valent.
> > >> >
> > >> >
> > >> >
> > >> > ------------------------------------------------------------------------
> > >> >
> > >> > --
> > >> > fedora-selinux-list mailing list
> > >> > fedora-selinux-list at redhat.com
> > >> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >> Well you are logging in as root via XWindows which is not a good idea
> > >> and we do not plan to fix the policy for this. Since it is such a bad
> > >> idea, and would break any security we have tried to add to SELinux to
> > >> eliminate the AVC. You also setup the user to login via user_t?
> > >> -----BEGIN PGP SIGNATURE-----
> > >> Version: GnuPG v1.4.8 (GNU/Linux)
> > >> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> > >>
> > >> iEYEARECAAYFAkfkQtAACgkQrlYvE4MpobMhRACeJ9srkML85WxzUU6DVBtEPMS9
> > >> Uw0AoLqLWJUxIzTk79o7Tn4ybDSKRsE8
> > >> =z7RQ
> > >> -----END PGP SIGNATURE-----
> > >>
> > >
> > >
> > > I'm not logging in as root to gnome.
> > >
> > > Valent
> > > .
> > >
> > Well the AVC says
> >
> > host=valent.lan type=AVC msg=audit(1206099072.482:443): avc: denied {
> > rename } for pid=13738 comm="gconfd-2" name="saved_state.tmp" dev=sda9
> > ino=865370 scontext=user_u:user_r:user_t:s0
> > tcontext=user_u:object_r:admin_home_t:s0 tclass=file
> >
> > host=valent.lan type=SYSCALL msg=audit(1206099072.482:443):
> > arch=40000003 syscall=38 success=yes exit=0 a0=9f59b20 a1=9f57118 a2=0
> > a3=5 items=0 ppid=1 pid=13738 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0
> > egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="gconfd-2"
> > exe="/usr/libexec/gconfd-2" subj=user_u:user_r:user_t:s0 key=(null)
> >
> >
> > admin_home_t is the label of /root
> >
> > So either you have a labeling problem or you have gconfd-2 trying to
> > relabel saved_state.tmp which is labeled the root directory label
> > admin_home_t
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.8 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> >
> > iEYEARECAAYFAkfk6gAACgkQrlYvE4MpobMAXwCg2YpVaswVCQVI7kSuOUk+CgDN
> > JWMAoIHx0BNqxOdbUKGsA1ruGBTlYvin
> > =F+6B
> > -----END PGP SIGNATURE-----
> >
>
>
> I relabeled my system 2 times in last few days and I'm not running as
> gmome as root. I don't know why I'm seeing this alert and that is why
> I'm sending you this email.
>
>
>
> Valent.
>
> --
> http://kernelreloaded.blog385.com/
> linux, blog, anime, spirituality, windsurf, wireless
> registered as user #367004 with the Linux Counter, http://counter.li.org.
> ICQ: 2125241, Skype: valent.turkovic
>
I'm seeing it in F8 and also in F9 Beta
.
--
http://kernelreloaded.blog385.com/
linux, blog, anime, spirituality, windsurf, wireless
registered as user #367004 with the Linux Counter, http://counter.li.org.
ICQ: 2125241, Skype: valent.turkovic
More information about the fedora-selinux-list
mailing list