SELinux is preventing /usr/bin/kdm "write" access on /root
Fedora 14 / KDE
I get this Selinux error message when in A KDE Desktop and right/left click on anything on Desktop. This is a error message I get when I go into a User or Root Desktop. I put Selinux in the permissive mode and it corrected the problem. How and what policy would I make to fix this problem ? Summary: SELinux is preventing /usr/bin/kdm "write" access on /root. Detailed Description: SELinux denied access requested by kdm. It is not expected that this access is required by kdm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinu...fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:admin_home_t:s0 Target Objects /root [ dir ] Source kdm Source Path /usr/bin/kdm Port <Unknown> Host (removed) Source RPM Packages kdm-4.5.2-3.fc14 Target RPM Packages filesystem-2.4.35-1.fc14 Policy RPM selinux-policy-3.9.7-7.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.35.6-48.fc14.i686 #1 SMP Fri Oct 22 15:34:36 UTC 2010 i686 i686 Alert Count 3 First Seen Thu 04 Nov 2010 10:08:00 PM EDT Last Seen Thu 04 Nov 2010 10:11:36 PM EDT Local ID 5e9e287e-cab0-40ed-8ae3-cbb947f9fc44 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1288923096.835:99): avc: denied { write } for pid=16148 comm="kdm" name="root" dev=sda1 ino=798 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1288923096.835:99): arch=40000003 syscall=5 success=no exit=-13 a0=bfdb0c9b a1=c1 a2=180 a3=1 items=0 ppid=5003 pid=16148 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="kdm" exe="/usr/bin/kdm" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Edit/Delete Message |
try
Quote:
SELINUX=disabled SELINUXTYPE=targeted it's all! |
0. You're running F14: file a bug report to help make Fedora better.
1. SELinux permissive mode doesn't "correct" anything. It runs Fedora without SELinux restrictions. 1. 'audit2allow' may help to adjust your local policy (allow xdm_t s0:dir write;). |
Quote:
|
A Guru is some one that knows ALL about Linux, And that Person does not exist.
Every time you think you know it all, The developers will change it in the next version and you have to start over. But I do agree, it is good for Linux. And that is what counts. For some reason I cannot get a log in /var/log/audit for Selinux , is there a config file for Selinux that turns on Logging. Selinux is in the Permissive mode. This bug is every where in Bugzilla and on the Internet , but no one has fixed it yet, and I'm to impatient to wait. This line, 1. 'audit2allow' may help to adjust your local policy (allow xdm_t s0:dir write in your post there is a smiley face at the end of line, what character is supposed to be there ? This is a flaw in linuxquestions.org display of a character, is the character a, semicolon or colon? |
again
Quote:
|
Quote:
Quote:
Quote:
|
Is this what I'm supposed to get ?
# 'echo "node=(removed) type=AVC msg=audit(1288923096.835:99): avc: denied { write } for pid=16148 comm="kdm" name="root" dev=sda1 ino=798 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_ubject_r:admin_home_t:s0 tclass=dir; node=(removed) type=SYSCALL msg=audit(1288923096.835:99): arch=40000003 syscall=5 success=no exit=-13 a0=bfdb0c9b a1=c1 a2=180 a3=1 items=0 ppid=5003 pid=16148 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="kdm" exe="/usr/bin/kdm" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)"|audit2allow;'. |
yes
|
All times are GMT -5. The time now is 01:54 AM. |