[CentOS] ltsp & Selinux

Mon Nov 25 12:26:25 UTC 2013
Johan Vermeulen <jvermeulen at cawdekempen.be>

Hello All,

I set up ltsp regulary, on Centos6 machines.

This morning I have a Selinux problem that usualy does not occur:
after setting everything up, the thinclients boot, but nobody can login.

It only works after the command :

# echo 0 > /selinux/enforce

I tried this semanage command:

# semanage fcontext -a -t bin_t /usr/bin/xauth

but it makes no difference.

The message I'm now seeing in /var/log/audit/audit.log :

type=AVC msg=audit(1385112688.399:67769): avc:  denied  { write } for  
pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 
scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 
tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1385112688.399:67769): arch=c000003e syscall=2 
success=no exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217 
pid=8218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 
sgid=500 fsgid=500 tty=(none) ses=9 comm="xauth" exe="/usr/bin/xauth" 
subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)

Can anybody help me overcome this without disabling Selinux?

Many thanks.
Greetings, J.

-- 
Johan Vermeulen
IT-medewerker


Opensource Software is the future.