SELinux is preventing X (xdm_xserver_t) "search" to <Unknown> (hwdata_t).
Antonio Olivares
olivares14031 at yahoo.com
Mon Nov 19 20:52:31 UTC 2007
--- Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Antonio Olivares wrote:
> > After applying rawhide updates and starting up to
> new kernel 2.6.24-0.38.rc2.git6.fc9, setroubleshoot
> kicked in and gave the following alert:
> >
> > Summary
> > SELinux is preventing X (xdm_xserver_t)
> "search" to <Unknown> (hwdata_t).
> >
> > Detailed Description
> > SELinux denied access requested by X. It is
> not expected that this access is
> > required by X and this access may signal an
> intrusion attempt. It is also
> > possible that the specific version or
> configuration of the application is
> > causing it to require additional access.
> >
> > Allowing Access
> > Sometimes labeling problems can cause SELinux
> denials. You could try to
> > restore the default system file context for
> <Unknown>, restorecon -v
> > <Unknown> If this does not work, there is
> currently no automatic way to
> > allow this access. Instead, you can generate
> a local policy module to allow
> > this access - see
>
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
> > Or you can disable SELinux protection
> altogether. Disabling SELinux
> > protection is not recommended. Please file a
> >
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
> >
> > Additional Information
> >
> > Source Context
> system_u:system_r:xdm_xserver_t
> > Target Context
> system_u:object_r:hwdata_t
> > Target Objects None [ dir ]
> > Affected RPM Packages
> > Policy RPM
> selinux-policy-3.0.8-44.fc8
> > Selinux Enabled True
> > Policy Type targeted
> > MLS Enabled True
> > Enforcing Mode Enforcing
> > Plugin Name
> plugins.catchall_file
> > Host Name localhost
> > Platform Linux localhost
> 2.6.24-0.38.rc2.git6.fc9 #1 SMP
> > Fri Nov 16 17:20:39
> EST 2007 i686 athlon
> > Alert Count 1
> > First Seen Mon 19 Nov 2007
> 07:25:42 AM CST
> > Last Seen Mon 19 Nov 2007
> 07:25:42 AM CST
> > Local ID
> a1fc1316-a17e-43d6-8163-a6899b0cc65c
> > Line Numbers
> >
> > Raw Audit Messages
> >
> > avc: denied { search } for comm=X dev=dm-0
> name=hwdata pid=2802
> > scontext=system_u:system_r:xdm_xserver_t:s0
> tclass=dir
> > tcontext=system_u:object_r:hwdata_t:s0
> >
> >
> >
> > Regards,
> >
> > Antonio
> >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > Never miss a thing. Make Yahoo your home page.
> > http://www.yahoo.com/r/hs
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> >
>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> Fixed in selinux-policy-3.1.2-1.fc9
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> http://enigmail.mozdev.org
>
>
iD8DBQFHQe3NrlYvE4MpobMRAkbOAJkB4EnsgZYQ2yLZKhtM/2can5z9owCgin7+
> 5tI+hCnfD5t9He9ZBHvFcxo=
> =PXaa
> -----END PGP SIGNATURE-----
>
Thanks! :)
Regards,
Antonio
____________________________________________________________________________________
Be a better pen pal.
Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/
More information about the fedora-test-list
mailing list