SEtroubleshooting (./.xsession-errors) ??

Todd Zullinger tmz at pobox.com
Thu Jun 19 21:15:29 UTC 2008


William Case wrote:
> ERROR message in SEtroubleshooting.
> 
>        SELinux is preventing the pam_timestamp_c from using potentially
>        mislabeled files (/root/.xsession-errors). 
>        
>        [SELinux is in permissive mode, the operation would have been
>        denied but was permitted due to permissive mode.]SELinux has
>        denied pam_timestamp_c access to potentially mislabeled file(s)
>        (/root/.xsession-errors). This means that SELinux will not allow
>        pam_timestamp_c to use these files. It is common for users to
>        edit files in their home directory or tmp directories and then
>        move (mv) them to system directories. The problem is that the
>        files end up with the wrong file context which confined
>        applications are not allowed to access. 
> 
> My Fedora 9 was recently fresh installed which would have included a
> new .xsession-errors.  Contrary to the error message, I have not
> changed, moved or besmirched root's .xsession-errors file in any way I
> know of.
> 
> I am willing to follow SELinux's suggestion "If you want pam_timestamp_c
> to access this files, you need to relabel them using restorecon -v
> '/root/.xsession-errors'. You might want to relabel the entire directory
> using restorecon -R -v '/root'. " If I can confirm I am not dealing with
> a bug.
> 
> Is this a F9 bug?

Am I correct in assuming that /root/.xsession-errors means you are
logging into X as root?  If so, forget about making any adjustments to
SELinux, as it would be pointless.  Logging in to X as root is not
something you could hope to have SELinux protect you from anyway.  You
should either a) stop logging into X as root or b) disable or ignore
SELinux.  I strongly suggest the former. :)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Common sense is genius dressed in its working clothes.
    -- Ralph Waldo Emerson
