SELinux is preventing /usr/libexec/gdm-session-worker from {read/write/create} accesses on the directory root.

Solution Verified - Updated -

Issue

  • An example AVC denial seen in /var/log/messages and expanded by sealert to view the complete message
SELinux is preventing /usr/libexec/gdm-session-worker from {read/write/create} accesses on the directory root.
[...]
Raw Audit Messages
type=AVC msg=audit(1362096449.664:328): avc:  denied  { create } for  pid=1245 comm="gdm-session-wor" name=".cache" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1362096449.664:328): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=1135200 a1=1c0 a2=113520c a3=11 items=0 ppid=1217 pid=1245 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=2 tty=(none) comm=gdm-session-wor exe=/usr/libexec/gdm-session-worker subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Environment

  • Red Hat Enterprise Linux (All Versions)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content