SELinux is preventing X (xdm_xserver_t) "search" to <Unknown> (hwdata_t).

Daniel J Walsh dwalsh at redhat.com
Mon Nov 19 20:10:54 UTC 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> After applying rawhide updates and starting up to new kernel 2.6.24-0.38.rc2.git6.fc9, setroubleshoot kicked in and gave the following alert:  
> 
> Summary
>     SELinux is preventing X (xdm_xserver_t) "search" to <Unknown> (hwdata_t).
> 
> Detailed Description
>     SELinux denied access requested by X. It is not expected that this access is
>     required by X and this access may signal an intrusion attempt. It is also
>     possible that the specific version or configuration of the application is
>     causing it to require additional access.
> 
> Allowing Access
>     Sometimes labeling problems can cause SELinux denials.  You could try to
>     restore the default system file context for <Unknown>, restorecon -v
>     <Unknown> If this does not work, there is currently no automatic way to
>     allow this access. Instead,  you can generate a local policy module to allow
>     this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
>     Or you can disable SELinux protection altogether. Disabling SELinux
>     protection is not recommended. Please file a
>     http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
> 
> Additional Information        
> 
> Source Context                system_u:system_r:xdm_xserver_t
> Target Context                system_u:object_r:hwdata_t
> Target Objects                None [ dir ]
> Affected RPM Packages         
> Policy RPM                    selinux-policy-3.0.8-44.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   plugins.catchall_file
> Host Name                     localhost
> Platform                      Linux localhost 2.6.24-0.38.rc2.git6.fc9 #1 SMP
>                               Fri Nov 16 17:20:39 EST 2007 i686 athlon
> Alert Count                   1
> First Seen                    Mon 19 Nov 2007 07:25:42 AM CST
> Last Seen                     Mon 19 Nov 2007 07:25:42 AM CST
> Local ID                      a1fc1316-a17e-43d6-8163-a6899b0cc65c
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> avc: denied { search } for comm=X dev=dm-0 name=hwdata pid=2802
> scontext=system_u:system_r:xdm_xserver_t:s0 tclass=dir
> tcontext=system_u:object_r:hwdata_t:s0
> 
> 
> 
> Regards,
> 
> Antonio 
> 
> 
> 
> 
>       ____________________________________________________________________________________
> Never miss a thing.  Make Yahoo your home page. 
> http://www.yahoo.com/r/hs
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Fixed in selinux-policy-3.1.2-1.fc9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHQe3NrlYvE4MpobMRAkbOAJkB4EnsgZYQ2yLZKhtM/2can5z9owCgin7+
5tI+hCnfD5t9He9ZBHvFcxo=
=PXaa
-----END PGP SIGNATURE-----

More information about the fedora-test-list mailing list