From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 14 Feb 2011 19:44:52 +0100
Subject: [refpolicy] [PATCH 1/1] Allow xfce (and most likely other DEs)
 to properly work with the authorization information
In-Reply-To: <4D594099.9040507@tresys.com>
References: <20110206151446.GA13019@siphos.be>
 <4D594099.9040507@tresys.com>
Message-ID: <20110214184452.GA13533@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Feb 14, 2011 at 09:47:53AM -0500, Christopher J. PeBenito wrote:
> On 2/6/2011 10:14 AM, Sven Vermeulen wrote:
> > On my system, I use XFCE and start X from the commandline (using "startx")
> > rather than through a graphical DM. During the start-up, XFCE4 creates
> > temporary ICE files in /tmp (like /tmp/.xfsm-ICE-ABCDEF) which are later
> > read in by iceauth and at some point X.
> >
> > I'm not that good at the entire ICE stuff, but without this, I was unable to
> > shut down my session ("log off").
> 
> What specific process was creating the files?  Do you still have the 
> logs?  I'm interested in seeing them, as user processes creating ICE 
> files seems wrong.

Sure, easily reconstructed, it's xfce4-session (as per the following
auditallow granted log lines):

Feb 14 19:40:29 hpl kernel: [ 7182.399817] type=1400 audit(1297708829.027:209): avc:  granted  { create } for  pid=13133 comm="xfce4-session" name=".xfsm-ICE-IU6VQV" scontext=staff_u:staff_r:staff_t tcontext=staff_u:object_r:user_tmp_t tclass=file
Feb 14 19:40:29 hpl kernel: [ 7182.399848] type=1400 audit(1297708829.027:210): avc:  granted  { create } for  pid=13133 comm="xfce4-session" name=".xfsm-ICE-4U6VQV" scontext=staff_u:staff_r:staff_t tcontext=staff_u:object_r:user_tmp_t tclass=file

Wkr,
	Sven Vermeulen