Opened 14 years ago
Closed 12 years ago
#107 closed defect (fixed)
SELinux prevents xauth from accessing per session auth files in user's home directory
| Reported by: | Antoine Martin | Owned by: | Antoine Martin |
|---|---|---|---|
| Priority: | major | Milestone: | 1.0 |
| Component: | Server | Keywords: | |
| Cc: |
Description
If selinux is enforcing, xauth just fails...
So we have a workaround in place where we pass the global XAUTHORITY to the server and it uses that if /selinux/enforcing==1
Not ideal. I can't see any easy way of being able to create new xauth files with selinux enabled. PITA
See also: NX bug
Change History (2)
comment:1 Changed 12 years ago by
| Owner: | changed from Antoine Martin to Antoine Martin |
|---|---|
| Status: | new → accepted |
comment:2 Changed 12 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Fixed in selinux-policy-3.10.0-149.fc17
Note: See
TracTickets for help on using
tickets.
copyleft 2009 - 2014
And now on Fedora 17 we have a different problem, which is that xauth wants to access /dev/urandom (for whatever reason) and SELinux generates an alert..
Here is an example of the command line we run:
Upstream bug file here
This is the SELinux module generated to workaround the issue:
module xauth_urandom 1.0; require { type xauth_t; type urandom_device_t; class chr_file read; } allow xauth_t urandom_device_t:chr_file read;