SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (consolekit_t) "execute" to <Unknown> (polkit_auth_exec_t).
Daniel J Walsh
dwalsh at redhat.com
Thu Jan 31 19:25:08 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Unknown,
>
> what is happening with console-kit-daemon?
>
> Summary:
>
> SELinux is preventing
> console-kit-dae(/usr/sbin/console-kit-daemon)
> (consolekit_t) "execute" to <Unknown>
> (polkit_auth_exec_t).
>
> Detailed Description:
>
> SELinux denied access requested by
> console-kit-dae(/usr/sbin/console-kit-daemon). It is
> not expected that this
> access is required by
> console-kit-dae(/usr/sbin/console-kit-daemon) and this
> access may signal an intrusion attempt. It is also
> possible that the specific
> version or configuration of the application is causing
> it to require additional
> access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials.
> You could try to restore
> the default system file context for <Unknown>,
>
> restorecon -v <Unknown>
>
> If this does not work, there is currently no automatic
> way to allow this access.
> Instead, you can generate a local policy module to
> allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> Or you can disable
> SELinux protection altogether. Disabling SELinux
> protection is not recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context
> system_u:system_r:consolekit_t
> Target Context
> system_u:object_r:polkit_auth_exec_t
> Target Objects None [ file ]
> Source
> console-kit-dae(/usr/sbin/console-kit-daemon)
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages
> Target RPM Packages
> Policy RPM
> selinux-policy-3.2.5-20.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost.localdomain
> Platform Linux
> localhost.localdomain 2.6.24-9.fc9 #1 SMP
> Tue Jan 29 18:08:15 EST
> 2008 i686 i686
> Alert Count 1
> First Seen Wed 30 Jan 2008 06:58:11
> PM CST
> Last Seen Wed 30 Jan 2008 06:58:11
> PM CST
> Local ID
> f1411c87-1b39-4d5a-bec3-67e1feb8ec07
> Line Numbers
>
> Raw Audit Messages
>
> host=localhost.localdomain type=AVC
> msg=audit(1201741091.457:30): avc: denied { execute
> } for pid=2897 comm="console-kit-dae"
> name="polkit-read-auth-helper" dev=dm-0 ino=116712
> scontext=system_u:system_r:consolekit_t:s0
> tcontext=system_u:object_r:polkit_auth_exec_t:s0
> tclass=file
>
> host=localhost.localdomain type=SYSCALL
> msg=audit(1201741091.457:30): arch=40000003 syscall=11
> success=no exit=-13 a0=77097c a1=bff98da0 a2=bff9962c
> a3=0 items=0 ppid=2264 pid=2897 auid=4294967295 uid=0
> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) comm="console-kit-dae"
> exe="/usr/sbin/console-kit-daemon"
> subj=system_u:system_r:consolekit_t:s0 key=(null)
>
>
>
>
>
> ____________________________________________________________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Should be fixed by todays policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeiIJMACgkQrlYvE4MpobOJvQCfS0EE1PcEH7ccU4kAyOLk3/uS
YK4An3GtK1EqLDXZOtrIOncYoY0xEeW7
=ZWl6
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list