On 08/03/2009 10:50 AM, Steve Blackwell wrote: > Ever since I upgraded from F9 to F10 when F9 went EOL I've been having > lots of SElinux warnings. Here's one. I get at seemingly random times, > ie not when I log in. > > Aug 3 09:06:50 steve setroubleshoot: SELinux is preventing > polkit-read-aut (polkit_auth_t) "write" to /var/log/gdm/:0-greeter.log > (xserver_log_t). For complete SELinux messages. run sealert -l > a4a0ec72-1ae8-46af-a27c-441b4a5f1cdb > This looks like a redirection of stdout to the log file. You can add this rule using # grep polkit-read-aut /var/log/audit/audit.log | audit2allow -M mypolkit # semodule -i mypolkit.pp I believe this is actually a bug in xdm. in that it should be passing append privs for its log versus write. If a relabel caused you to loose labels, then you need to add the labels via semanage fcontext instead of just executing a chcon. For example, if I had web content under /myweb # semanage fcontext -a -t httpd_sys_content_t '/myweb(/.*)?' # restorecon -R -v /myweb Would tell the SELinux system about my alternative labeling. A blog I wrote about similar stuff. http://danwalsh.livejournal.com/28027.html > setroubleshoot suggests restorecon -v '/var/log/gdm/:0-greeter.log' > > # ls -lZ /var/log/gdm/:0-greeter.log > -rw-r--r-- gdm gdm > system_u:object_r:xserver_log_t:s0 /var/log/gdm/:0-greeter.log > > # restorecon -v /var/log/gdm/:0-greeter.log > > ]# ls -lZ /var/log/gdm/:0-greeter.log > -rw-r--r-- gdm gdm > system_u:object_r:xserver_log_t:s0 /var/log/gdm/:0-greeter.log > > ie no change > > # tail /var/log/gdm/:0-greeter.log > Warning: No symbols defined for <I228> (keycode 228) > Warning: No symbols defined for <I230> (keycode 230) > Warning: No symbols defined for <I248> (keycode 248) > Warning: No symbols defined for <I249> (keycode 249) > Warning: No symbols defined for <I250> (keycode 250) > Warning: No symbols defined for <I251> (keycode 251) > Warning: No symbols defined for <I252> (keycode 252) > Warning: No symbols defined for <I253> (keycode 253) > Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message > with a timestamp of 0 for 0x1200022 (Login Wind) Window manager > warning: meta_window_activate called by a pager with a 0 timestamp; the > pager needs to be fixed. > > This computer is on a 2 machine home network, the other machine being a > Vista laptop and I have them connected via Samba. Is some client trying > to login from the laptop? > > # rpm -qa | grep selinux > selinux-policy-3.5.13-67.fc10.noarch > libselinux-devel-2.0.78-1.fc10.i386 > selinux-policy-targeted-3.5.13-67.fc10.noarch > libselinux-2.0.78-1.fc10.i386 > libselinux-utils-2.0.78-1.fc10.i386 > libselinux-python-2.0.78-1.fc10.i386 > > Any suggestions? > > Thanks, > Steve > -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
