SELinux deny gdm-binary to access /boot

Daniel J Walsh dwalsh at redhat.com
Thu Nov 15 16:37:33 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mitsuho Iizuka wrote:
> Hi,
> 
> Clean installed Fedora 8 x86_64 gives following error. Could you
> give me a hint to solve ?
> 
>    SELinux Troubleshooting:
>       SELinux deny gdm-binary to access /boot (exactly in japanese)
> 
> access is get attribute. Troubleshooting give me a hint to
> restorecon -v /boot. But it is strage to access boot. I can't find
> any file to access /boot partition when I log in. I deleted partitions
> to install fedora 8(/boot and /), and I selected the fedora install
> menu to install Fedora 8 against empty partitions. Of course, I tried
> above hint(restorecon -v -R /boot), but Troubleshooting application
> have been give the same warning(error?).
> 
> // M.Iiz
If you chcon -t bin_t /usr/sbin/gdm

Does the problem disappear?


/usr/sbin/gdm is a shell script and it is executing



test -f /etc/profile && . /etc/profile


Which could be causing some of these spurious denials.  We should not be
labeling the script as xdm_exec_t since that is the label on gdm-binary.

I will make this change in selinux-policy-3.0.8-56
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHPHXMrlYvE4MpobMRArQ/AJ9rJ+doaoG29BCfmM4JilUt9rXpVQCgsqzp
YabqNPU5cns+F9XSQukHKkU=
=xKye
-----END PGP SIGNATURE-----




More information about the fedora-list mailing list