[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: fedora 9/10 Guest account?




Hmm, doesn't seem to be working:

This is on a fully updated F9 install, selinux in enforcing mode, xguest installed. When trying to login at the Guest user:

Summary:

SELinux is preventing dbus-daemon (xguest_dbusd_t) "read write" to socket
(xguest_t).

Detailed Description:

SELinux denied access requested by dbus-daemon. It is not expected that this
access is required by dbus-daemon and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                xguest_u:xguest_r:xguest_dbusd_t:s0
Target Context                xguest_u:xguest_r:xguest_t:s0
Target Objects                socket [ unix_stream_socket ]
Source                        dbus-daemon
Source Path                   /bin/dbus-daemon
Port                          <Unknown>
Host                          dhcp-0016533596-c5-74
Source RPM Packages           dbus-1.2.4-1.fc9
Target RPM Packages          
Policy RPM                    selinux-policy-3.3.1-103.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     dhcp-0016533596-c5-74
Platform                      Linux dhcp-0016533596-c5-74 2.6.26.6-79.fc9.i686
                              #1 SMP Fri Oct 17 14:52:14 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Tue Nov  4 10:20:32 2008
Last Seen                     Tue Nov  4 10:20:32 2008
Local ID                      6306343f-6166-4ca6-ada5-770e4c3a3a91
Line Numbers                 

Raw Audit Messages           

host=dhcp-0016533596-c5-74 type=AVC msg=audit(1225812032.80:22): avc:  denied  { read write } for  pid=2820 comm="dbus-daemon" path="socket:[29372]" dev=sockfs ino=29372 scontext=xguest_u:xguest_r:xguest_dbusd_t:s0 tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=unix_stream_socket

host=dhcp-0016533596-c5-74 type=SYSCALL msg=audit(1225812032.80:22): arch=40000003 syscall=11 success=yes exit=0 a0=804c8f7 a1=bfcd858c a2=bfcd99b4 a3=7 items=0 ppid=2819 pid=2820 auid=35027 uid=35027 gid=35027 euid=35027 suid=35027 fsuid=35027 egid=35027 sgid=35027 fsgid=35027 tty=(none) ses=2 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=xguest_u:xguest_r:xguest_dbusd_t:s0 key=(null)



Any help/ideas?
On Tue, Nov 4, 2008 at 9:37 AM, Matt Nicholson <sjoeboo sjoeboo com> wrote:

Hmm, interesting. I'm rebuilding my image with that package installed, and selinux in enforcing mode on a test vm right now, and I'll see how it goes.

Thanks,

Matt

On Mon, Nov 3, 2008 at 3:36 PM, Doncho N. Gunchev <dgunchev dev ezsearch net> wrote:
Matt Nicholson wrote:
I'm looking to get a guest account setup, possibly on a whole host of workstations I run running F9.
These workstations auth against and ldap/kerberos setup we have, fyi.

so far, my idea is to create a local "guest" user, and user pam_mount to create a tmpfs home directory for the guest user on login, so that it will be removed on logout. I want this user to only be able to login though GDM.

Does any one have any experiance doing something like this? is there any though of taking the Guest user system Ubutu recently implemented on?

Any help/ideas would be great.

Matt
What about http://james-morris.livejournal.com/25640.html :-)

--
fedora-list mailing list
fedora-list redhat com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]