fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Issue with Gnome setting?

Issue with Gnome setting?

From: Daniel B. Thurman <dant_at_nospam>
Date: Fri Aug 27 2010 - 18:34:20 GMT
To: Fedora SELinux Users <selinux@lists.fedoraproject.org>

Yes, I know F9 is obsolete but I still use it!

BTW: for some reason I am not getting back selinux emails that I posted
           which is why I sent it twice - was the a burp in the mailing

Just need to figure out what this means and a fix for it please?

SELinux is preventing the gnome-settings- from using potentially mislabeled
files (socket).

Detailed Description:

SELinux has denied gnome-settings- access to potentially mislabeled file(s)
(socket). This means that SELinux will not allow gnome-settings- to use
files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem
is that
the files end up with the wrong file context which confined applications
are not
allowed to access.

Allowing Access:

If you want gnome-settings- to access this files, you need to relabel
them using
restorecon -v 'socket'. You might want to relabel the entire directory using
restorecon -R -v '<Unknown>'.

Additional Information:

Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:tmp_t:s0
Target Objects socket [ sock_file ]
Source gnome-settings-
Source Path /usr/libexec/gnome-settings-daemon
Port <Unknown>
Host gold.cdkkt.com
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.3.1-135.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name home_tmp_bad_labels
Host Name gold.cdkkt.com
Platform Linux gold.cdkkt.com #1
                              SMP Thu Jun 18 12:47:50 EDT 2009 i686 i686
Alert Count 378
First Seen Fri 27 Aug 2010 11:09:22 AM PDT
Last Seen Fri 27 Aug 2010 11:09:26 AM PDT
Local ID bdb33ade-aa41-4dec-a430-ae0ad4594254
Line Numbers

Raw Audit Messages

node=gold.cdkkt.com type=AVC msg=audit(1282932566.767:3581): avc:
denied { read write } for pid=3079 comm="gnome-settings-"
name="socket" dev=sda8 ino=245843
tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux