Re: SELinux is preventing X (xdm_xserver_t) "search" to <Unknown> (hwdata_t).

From: Antonio Olivares <olivares14031_at_nospam>
Date: Mon Nov 19 2007 - 20:52:31 GMT
To: Daniel J Walsh <dwalsh@redhat.com>

Daniel J Walsh <dwalsh@redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Antonio Olivares wrote:
> > After applying rawhide updates and starting up to
> new kernel 2.6.24-0.38.rc2.git6.fc9, setroubleshoot
> kicked in and gave the following alert:
> >
> > Summary
> > SELinux is preventing X (xdm_xserver_t)
> "search" to <Unknown> (hwdata_t).
> >
> > Detailed Description
> > SELinux denied access requested by X. It is
> not expected that this access is
> > required by X and this access may signal an
> intrusion attempt. It is also
> > possible that the specific version or
> configuration of the application is
> > causing it to require additional access.
> >
> > Allowing Access
> > Sometimes labeling problems can cause SELinux
> denials. You could try to
> > restore the default system file context for
> <Unknown>, restorecon -v
> > <Unknown> If this does not work, there is
> currently no automatic way to
> > allow this access. Instead, you can generate
> a local policy module to allow
> > this access - see

>
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
> > Or you can disable SELinux protection
> altogether. Disabling SELinux
> > protection is not recommended. Please file a
> >
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
> >
> > Additional Information
> >
> > Source Context
> system_u:system_r:xdm_xserver_t
> > Target Context
> system_u:object_r:hwdata_t
> > Target Objects None [ dir ]
> > Affected RPM Packages
> > Policy RPM
> selinux-policy-3.0.8-44.fc8
> > Selinux Enabled True
> > Policy Type targeted
> > MLS Enabled True
> > Enforcing Mode Enforcing
> > Plugin Name
> plugins.catchall_file
> > Host Name localhost
> > Platform Linux localhost
> 2.6.24-0.38.rc2.git6.fc9 #1 SMP
> > Fri Nov 16 17:20:39
> EST 2007 i686 athlon
> > Alert Count 1
> > First Seen Mon 19 Nov 2007
> 07:25:42 AM CST
> > Last Seen Mon 19 Nov 2007
> 07:25:42 AM CST
> > Local ID
> a1fc1316-a17e-43d6-8163-a6899b0cc65c
> > Line Numbers
> >
> > Raw Audit Messages
> >
> > avc: denied { search } for comm=X dev=dm-0
> name=hwdata pid=2802
> > scontext=system_u:system_r:xdm_xserver_t:s0
> tclass=dir
> > tcontext=system_u:object_r:hwdata_t:s0
> >
> >
> >
> > Regards,
> >
> > Antonio
> >
> >
> >
> >
> >

>

> > Never miss a thing. Make Yahoo your home page.
> > http://www.yahoo.com/r/hs
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@redhat.com
> >

>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> Fixed in selinux-policy-3.1.2-1.fc9
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> http://enigmail.mozdev.org
>

>
iD8DBQFHQe3NrlYvE4MpobMRAkbOAJkB4EnsgZYQ2yLZKhtM/2can5z9owCgin7+
> 5tI+hCnfD5t9He9ZBHvFcxo=
> =PXaa
> -----END PGP SIGNATURE-----
>

Thanks! :)

Regards,

Antonio

Be a better pen pal.
Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/ -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

This message: [ Message body ]
Next message: kwhiskerz: "policy confusion"
Previous message: Steve G: "Re: auditd fails to start on FC6 system, newer kernels effect?"
In reply to: Daniel J Walsh: "Re: SELinux is preventing X (xdm_xserver_t) "search" to <Unknown> (hwdata_t)."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]