Summary:

SELinux is preventing gdm-simple-gree (xdm_t) "search" httpd_sys_content_t.

Detailed Description:

SELinux denied access requested by gdm-simple-gree. It is not expected that this
access is required by gdm-simple-gree and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinu...fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_ubject_r:httpd_sys_content_t:s0
Target Objects www [ dir ]
Source gdm-simple-gree
Source Path /usr/libexec/gdm-simple-greeter
Port <Unknown>
Host mail.[xyz].net
Source RPM Packages gdm-2.26.1-10.fc11
Target RPM Packages
Policy RPM selinux-policy-3.6.12-39.fc11
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name mail.[xyz].net
Platform Linux mail.[xyz].net 2.6.29.4-167.fc11.x86_64 #1
SMP Wed May 27 17:27:08 EDT 2009 x86_64 x86_64
Alert Count 1497
First Seen Fri Nov 26 15:17:30 2010
Last Seen Fri Nov 26 16:57:08 2010
Local ID f8cd1f18-a337-49b9-9df0-209683dfe750
Line Numbers

Raw Audit Messages

node=mail.[xyz].net type=AVC msg=audit(1290761828.686:613042): avc: denied { search } for pid=2779 comm="gdm-simple-gree" name="www" dev=dm-0 ino=35668 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_ubject_r:httpd_sys_content_t:s0 tclass=dir

node=mail.[xyz].net type=SYSCALL msg=audit(1290761828.686:613042): arch=c000003e syscall=254 success=no exit=-13 a0=12 a1=17e0e10 a2=1002fce a3=1 items=0 ppid=2753 pid=2779 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="gdm-simple-gree" exe="/usr/libexec/gdm-simple-greeter" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Please be aware we're not your personal 24/7 helpdesk on which you can unload your problems without giving it some thought. This is a Linux-oriented community built on voluntary efforts of its members, meaning mutual respect, positive interaction between members and good manners are appreciated. So next time please provide a short introduction about what what you did to cause this warning. OK?


Are you aware Fedora 11 is (or is about to be) retired?


Is there a specific reason a mail server should run in runlevel 5 using Xorg?
Are you aware what purpose the greeter serves?
Is there a reason, other than misconfiguration, why the greeter should be able to search your WWW directory for files anyway?


Did you read the FAQ entry?
Did it show you any solutions?
If it did, did you try any of them?
And if you did, what was the result?