SELinux is preventing gdm (xdm_t) "execute" to <Unknown> (rpm_exec_t). et ALL

Antonio Olivares olivares14031 at yahoo.com
Wed Nov 28 16:43:11 UTC 2007


--- Jim Cornette <fct-cornette at insight.rr.com> wrote:

> Antonio Olivares wrote:
> > Dear all,
> > 
> > I have been applying the updates and still
> > settroubleshoot pops up and gives the messages: 
> > 
> > 
> > Summary
> >     SELinux is preventing gdm (xdm_t) "execute" to
> > <Unknown> (rpm_exec_t).
> 
> It appears that this error happens when gdm loads. I
> reported other 
> errors regarding SELinux for several problems. Most
> of the errors seem 
> to effect the X server or gnome display manager.
> 
> I added to you bug ticket my SELinux error.
> It happens even if you relabel SELinux.
> 
> I've been booting into runlevel 3 mostly except for
> test. Runlevel 3 
> doesn't have all of the SELinux errors. Most are
> only showing up in 
> runlevel 3.
> 
> -- 
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe: 
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
> 

I get them on level 3 because level 5 does not work. 
Still Init Respawn error message.  New Selinux policy
packages still give the error in title.  See here:

Summary
    SELinux is preventing gdm (xdm_t) "execute" to
<Unknown> (rpm_exec_t).

Detailed Description
    SELinux denied access requested by gdm. It is not
expected that this access
    is required by gdm and this access may signal an
intrusion attempt. It is
    also possible that the specific version or
configuration of the application
    is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux
denials.  You could try to
    restore the default system file context for
<Unknown>, restorecon -v
    <Unknown> If this does not work, there is
currently no automatic way to
    allow this access. Instead,  you can generate a
local policy module to allow
    this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether.
Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.

Additional Information        

Source Context               
system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context               
system_u:object_r:rpm_exec_t
Target Objects                None [ file ]
Affected RPM Packages         
Policy RPM                   
selinux-policy-3.1.2-1.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost
Platform                      Linux localhost
2.6.24-0.42.rc3.git1.fc9 #1 SMP
                              Sat Nov 24 05:51:18 EST
2007 i686 athlon
Alert Count                   13650
First Seen                    Sun 11 Nov 2007 09:11:06
AM CST
Last Seen                     Wed 28 Nov 2007 10:31:42
AM CST
Local ID                     
f3168196-46ac-4951-ab61-b3b218534bb2
Line Numbers                  

Raw Audit Messages            

avc: denied { execute } for comm=gdm dev=dm-0 name=rpm
pid=13279
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tclass=file
tcontext=system_u:object_r:rpm_exec_t:s0

Regards,

Antonio 


      ____________________________________________________________________________________
Get easy, one-click access to your favorites. 
Make Yahoo! your homepage.
http://www.yahoo.com/r/hs 




More information about the fedora-test-list mailing list