[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: ./xauth?

From: "Carl D. Roth" <roth ursus net>
To: fedora-selinux-list redhat com
Subject: Re: ./xauth?
Date: Fri, 11 Jul 2008 15:43:04 +0000 (UTC)

On Fri, 11 Jul 2008 08:14:21 -0700, Dan Thurman wrote:

> I am not sure what this is, and /.xauth does not exist, but here is the
> log:
> ================================
> Summary:
> 
> SELinux is preventing su (initrc_su_t) "execute" to ./xauth
> (xauth_exec_t).
> 
> Detailed Description:
> 

I had that happen on one of my systems too.  It was starting a service in 
init.d that changed userid's via 'su'.  Since it was a headless 
application (i.e. daemon) I chose to ignore the errors as follows:

  gen_require(`
    type initrc_su_t;
    type sshd_t;
    type xauth_exec_t;
  ')

  dontaudit initrc_su_t sshd_t:key { search };
  dontaudit initrc_su_t xauth_exec_t:file { execute };

As you can see, the 'su' session also tried to grovel around for SSH keys.

C

Follow-Ups:
- Re: ./xauth?
  - From: Paul Howarth
- Re: ./xauth?
  - From: Tomas Mraz

References:
- ./xauth?
  - From: Dan Thurman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]