Dear all,
I have been applying the updates and still settroubleshoot pops up and gives the messages:
Summary SELinux is preventing gdm (xdm_t) "execute" to <Unknown> (rpm_exec_t).
Detailed Description SELinux denied access requested by gdm. It is not expected that this access is required by gdm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>, restorecon -v <Unknown> If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:xdm_t:SystemLow-SystemHigh Target Context system_u:object_r:rpm_exec_t Target Objects None [ file ] Affected RPM Packages Policy RPM selinux-policy-3.0.8-44.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name localhost Platform Linux localhost 2.6.24-0.42.rc3.git1.fc9 #1 SMP Sat Nov 24 05:51:18 EST 2007 i686 athlon Alert Count 9010 First Seen Sun 11 Nov 2007 09:11:06 AM CST Last Seen Mon 26 Nov 2007 07:17:44 PM CST Local ID f3168196-46ac-4951-ab61-b3b218534bb2 Line Numbers
Raw Audit Messages
avc: denied { execute } for comm=gdm dev=dm-0 name=rpm pid=22631 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:rpm_exec_t:s0
Summary SELinux is preventing gdm (xdm_t) "getattr" to /bin/rpm (rpm_exec_t).
Detailed Description SELinux denied access requested by gdm. It is not expected that this access is required by gdm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /bin/rpm, restorecon -v /bin/rpm If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:xdm_t:SystemLow-SystemHigh Target Context system_u:object_r:rpm_exec_t Target Objects /bin/rpm [ file ] Affected RPM Packages rpm-4.4.2.2-11.fc9 [target] Policy RPM selinux-policy-3.0.8-44.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name localhost Platform Linux localhost 2.6.24-0.42.rc3.git1.fc9 #1 SMP Sat Nov 24 05:51:18 EST 2007 i686 athlon Alert Count 4515 First Seen Sun 11 Nov 2007 09:11:06 AM CST Last Seen Mon 26 Nov 2007 10:38:27 AM CST Local ID e1676a84-c6d0-45b8-97d7-c7cae2d755c1 Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm=gdm dev=dm-0 path=/bin/rpm pid=3871 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:rpm_exec_t:s0
I have done what it recommends for me to do, however, the warnings continue.
[root@localhost ~]# restorecon -v /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/bin/sbcl. [root@localhost ~]# restorecon -v /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/bin/sbcl. [root@localhost ~]# restorecon -v /bin/rpm /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/bin/sbcl. [root@localhost ~]# restorecon -v /bin/rpm /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/bin/sbcl. [root@localhost ~]#
[root@localhost ~]# yum list updates Loading "skip-broken" plugin Loading "refresh-updatesd" plugin development 100% |=========================| 2.1 kB 00:00 texlive 100% |=========================| 951 B 00:00 [root@localhost ~]#
does not list any for selinux, selinux-policy's etc.
What should I do?
Regards,
Antonio
____________________________________________________________________________________ Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now. http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ
Antonio Olivares wrote:
Dear all,
I have been applying the updates and still settroubleshoot pops up and gives the messages:
Summary SELinux is preventing gdm (xdm_t) "execute" to <Unknown> (rpm_exec_t).
It appears that this error happens when gdm loads. I reported other errors regarding SELinux for several problems. Most of the errors seem to effect the X server or gnome display manager.
I added to you bug ticket my SELinux error. It happens even if you relabel SELinux.
I've been booting into runlevel 3 mostly except for test. Runlevel 3 doesn't have all of the SELinux errors. Most are only showing up in runlevel 3.
--- Jim Cornette fct-cornette@insight.rr.com wrote:
Antonio Olivares wrote:
Dear all,
I have been applying the updates and still settroubleshoot pops up and gives the messages:
Summary SELinux is preventing gdm (xdm_t) "execute" to <Unknown> (rpm_exec_t).
It appears that this error happens when gdm loads. I reported other errors regarding SELinux for several problems. Most of the errors seem to effect the X server or gnome display manager.
I added to you bug ticket my SELinux error. It happens even if you relabel SELinux.
I've been booting into runlevel 3 mostly except for test. Runlevel 3 doesn't have all of the SELinux errors. Most are only showing up in runlevel 3.
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
I get them on level 3 because level 5 does not work. Still Init Respawn error message. New Selinux policy packages still give the error in title. See here:
Summary SELinux is preventing gdm (xdm_t) "execute" to <Unknown> (rpm_exec_t).
Detailed Description SELinux denied access requested by gdm. It is not expected that this access is required by gdm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>, restorecon -v <Unknown> If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:xdm_t:SystemLow-SystemHigh Target Context system_u:object_r:rpm_exec_t Target Objects None [ file ] Affected RPM Packages Policy RPM selinux-policy-3.1.2-1.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name localhost Platform Linux localhost 2.6.24-0.42.rc3.git1.fc9 #1 SMP Sat Nov 24 05:51:18 EST 2007 i686 athlon Alert Count 13650 First Seen Sun 11 Nov 2007 09:11:06 AM CST Last Seen Wed 28 Nov 2007 10:31:42 AM CST Local ID f3168196-46ac-4951-ab61-b3b218534bb2 Line Numbers
Raw Audit Messages
avc: denied { execute } for comm=gdm dev=dm-0 name=rpm pid=13279 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:rpm_exec_t:s0
Regards,
Antonio
____________________________________________________________________________________ Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs
Antonio Olivares wrote:
I've been booting into runlevel 3 mostly except for test. Runlevel 3 doesn't have all of the SELinux errors. Most are only showing up in runlevel 3.
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
I get them on level 3 because level 5 does not work. Still Init Respawn error message. New Selinux policy packages still give the error in title. See here: .. Raw Audit Messages
avc: denied { execute } for comm=gdm dev=dm-0 name=rpm pid=13279 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:rpm_exec_t:s0
Regards,
Antonio
Are you actually logging in as root and changing to runlevel 3 with telinit? Or alternately you could unhide the grub menu with a keypress followed by pressing a for append and a space followed by entering a 3 followed by enter to boot. Services started in 5 may not be started in 3 and could lead to the error.
--- Jim Cornette fct-cornette@insight.rr.com wrote:
Antonio Olivares wrote:
I've been booting into runlevel 3 mostly except
for
test. Runlevel 3 doesn't have all of the SELinux errors. Most are only showing up in runlevel 3.
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
I get them on level 3 because level 5 does not
work.
Still Init Respawn error message. New Selinux
policy
packages still give the error in title. See here: .. Raw Audit Messages
avc: denied { execute } for comm=gdm dev=dm-0
name=rpm
pid=13279 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:rpm_exec_t:s0
Regards,
Antonio
Are you actually logging in as root and changing to runlevel 3 with telinit? Or alternately you could unhide the grub menu with a keypress followed by pressing a for append and a space followed by entering a 3 followed by enter to boot. Services started in 5 may not be started in 3 and could lead to the error.
-- War is an equal opportunity destroyer.
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
I chose append and added a 3 at the end of rhgb quiet and this still shows up. I normally select to login automatically in level 5 and since there we get the INIT: respawning error, this does not work. I have to press a key and login manually and then type startx to get X window. I guess, we will have to wait till this error(s) get fixed.
Sorry to bring this issue/complain about it. Eventually it will have to get fixed or more people see it and it will get more attention. Thanks for helping and sharing your experiences and adding valuable comments to the bug report.
Regards,
Antonio
____________________________________________________________________________________ Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now. http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ
On Nov 28, 2007 5:26 PM, Antonio Olivares olivares14031@yahoo.com wrote:
--- Jim Cornette fct-cornette@insight.rr.com wrote:
Antonio Olivares wrote:
I've been booting into runlevel 3 mostly except
for
test. Runlevel 3 doesn't have all of the SELinux errors. Most are only showing up in runlevel 3.
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
I get them on level 3 because level 5 does not
work.
Still Init Respawn error message. New Selinux
policy
packages still give the error in title. See here: .. Raw Audit Messages
avc: denied { execute } for comm=gdm dev=dm-0
name=rpm
pid=13279 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:rpm_exec_t:s0
Regards,
Antonio
Are you actually logging in as root and changing to runlevel 3 with telinit? Or alternately you could unhide the grub menu with a keypress followed by pressing a for append and a space followed by entering a 3 followed by enter to boot. Services started in 5 may not be started in 3 and could lead to the error.
-- War is an equal opportunity destroyer.
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
I chose append and added a 3 at the end of rhgb quiet and this still shows up. I normally select to login automatically in level 5 and since there we get the INIT: respawning error, this does not work. I have to press a key and login manually and then type startx to get X window. I guess, we will have to wait till this error(s) get fixed.
Sorry to bring this issue/complain about it. Eventually it will have to get fixed or more people see it and it will get more attention. Thanks for helping and sharing your experiences and adding valuable comments to the bug report.
Regards,
Antonio
Antonio,
To provide 'temporary relief' until the problem is fixed, here is how I worked around this on my Intel 945 (i.e. thinkpad x60) system.
1. download from http://koji.fedoraproject.org/koji/buildinfo?buildID=22456 the appropriate gdm package for your system (i386, x86_64). 2. as root run 'rpm -Uvh --oldpackage gdm-2.20.1-5.fc8.i386.rpm' (or x86_64).
You should be able to come up in runlevel 5. Compiz doesn't work, and you may need to repeat the 'rpm -Uvh .....' if a 'yum update' installs a newer gdm that breaks again....
tom
On 29/11/2007, Tom London selinux@gmail.com wrote:
On Nov 28, 2007 5:26 PM, Antonio Olivares olivares14031@yahoo.com wrote:
--- Jim Cornette fct-cornette@insight.rr.com wrote:
Antonio Olivares wrote:
I've been booting into runlevel 3 mostly except
for
test. Runlevel 3 doesn't have all of the SELinux errors. Most are only showing up in runlevel 3.
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
I get them on level 3 because level 5 does not
work.
Still Init Respawn error message. New Selinux
policy
packages still give the error in title. See here: .. Raw Audit Messages
avc: denied { execute } for comm=gdm dev=dm-0
name=rpm
pid=13279 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:rpm_exec_t:s0
Regards,
Antonio
Are you actually logging in as root and changing to runlevel 3 with telinit? Or alternately you could unhide the grub menu with a keypress followed by pressing a for append and a space followed by entering a 3 followed by enter to boot. Services started in 5 may not be started in 3 and could lead to the error.
-- War is an equal opportunity destroyer.
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
I chose append and added a 3 at the end of rhgb quiet and this still shows up. I normally select to login automatically in level 5 and since there we get the INIT: respawning error, this does not work. I have to press a key and login manually and then type startx to get X window. I guess, we will have to wait till this error(s) get fixed.
Sorry to bring this issue/complain about it. Eventually it will have to get fixed or more people see it and it will get more attention. Thanks for helping and sharing your experiences and adding valuable comments to the bug report.
Regards,
Antonio
Antonio,
To provide 'temporary relief' until the problem is fixed, here is how I worked around this on my Intel 945 (i.e. thinkpad x60) system.
- download from
http://koji.fedoraproject.org/koji/buildinfo?buildID=22456 the appropriate gdm package for your system (i386, x86_64). 2. as root run 'rpm -Uvh --oldpackage gdm-2.20.1-5.fc8.i386.rpm' (or x86_64).
You should be able to come up in runlevel 5. Compiz doesn't work, and you may need to repeat the 'rpm -Uvh .....' if a 'yum update' installs a newer gdm that breaks again....
tom
Tom London
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
I had this on a clean install,as setrobleshoot suggests have you tried touch .Autorelabel:restart
This will relable all files - worked for me