Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 119988 - selinux audit messages
Summary: selinux audit messages
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: xscreensaver
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC2Blocker
TreeView+ depends on / blocked
 
Reported: 2004-04-04 18:51 UTC by Tim Waugh
Modified: 2014-03-17 02:43 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-05-03 21:19:36 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Tim Waugh 2004-04-04 18:51:01 UTC 
Description of problem:
I keep getting selinux audit messages

Version-Release number of selected component (if applicable):
xscreensaver-4.14-4
policy-1.9.2-10

How reproducible:
100%

Steps to Reproduce:
1. Just log in as a user_r user.
  
Actual results:
audit(1081103071.442:0): avc:  denied  { getattr } for  pid=2175
exe=/usr/X11R6/bin/xscreensaver path=/home/tim/.xscreensaver dev=hdb1
ino=706028 scontext=tim:user_r:user_screensaver_t
tcontext=system_u:object_r:user_home_t tclass=file

Also:
audit(1081092237.557:0): avc:  denied  { create } for  pid=2691
exe=/usr/X11R6/lib/xscreensaver/sonar
scontext=tim:user_r:user_screensaver_t
tcontext=tim:user_r:user_screensaver_t tclass=rawip_socket

Additional info:
audit2allow says:

allow user_screensaver_t user_home_t:file { getattr };
allow user_screensaver_t user_screensaver_t:rawip_socket { create };
Comment 1 Bill Nottingham 2004-04-05 19:07:46 UTC 
sonar wants to ping things for the display, which is why it wants a
raw IP socket.

xscreensaver *does* need to be able to read its config file in any case.
Comment 2 Tim Waugh 2004-04-05 22:56:14 UTC 
policy-1.9.2-12 fixes access to config file for me.
Note You need to log in before you can comment on or make changes to this bug.