On 12/30/2009 11:14 AM, Göran Uddeborg wrote:
Dominick Grift:
Well for starters the file is mislabeled:
The Question is: why did this not happen?
Thanks for your analysis.
I'll try to investigate exactly when this happens. And if it turns out to be something policy-related (rather than something that has gone wrong locally) I'll file a bugzilla.
Remove the file and see if xauth creates a new one and what the type of the newly created file is: ls -alZ /root | grep .xauth
Now it gets a context of xauth_home_t. (As usual, bugs hide when you start looking for them!)
What distro are you using?
Fedora 12. I recently upgraded the policy to selinux-policy-3.6.32-63.fc12.
BTW: It is not encouraged to login as root via ssh (-X)
:-) Between two trusted hosts on a trusted local, wired, network, I'm not too worried. (I don't actually log in as root. I log in as myself and do su or sudo. But I guess that part doesn't really make much difference.)
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
There have been some fixes around the handling of xauth in the latest policies, so this might have fixed your problems.