Error on relable for SELinux
Les
hlhowell at pacbell.net
Thu Sep 27 17:25:34 UTC 2007
I need a SELinux person to explain this error for me. It seems to occur
when I try to print from the web.
The suggested command "restorecon -v Par0 doesn't work because for one
thing Par0 doesn't exist I think. The error seems to be that something
wants to relable sbin/udevd to par0, and since that didn't occur I
suspect that the problem is not with Par0, but rather the /sbin/udevd.
And since I think this is a system file, I am not sure it should be
relabled anyway, without causing other problems. At least that is my
take. Any ideas?
Please help with detailed information. I do not want to mess up my
system, which seems to be working well except for this.
Regards,
Les H
Here is the output from the SETroubleshoot window:
Summary
SELinux is preventing /sbin/udevd (udev_t) "relabelto" to par0
(device_t).
Detailed Description
SELinux denied access requested by /sbin/udevd. It is not expected
that this
access is required by /sbin/udevd and this access may signal an
intrusion
attempt. It is also possible that the specific version or
configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could
try to
restore the default system file context for par0, restorecon -v par0
If this
does not work, there is currently no automatic way to allow this
access.
Instead, you can generate a local policy module to allow this
access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context
system_u:system_r:udev_t:SystemLow-SystemHigh
Target Context system_u:object_r:device_t
Target Objects par0 [ lnk_file ]
Affected RPM Packages udev-113-12.fc7 [application]
Policy RPM selinux-policy-2.6.4-42.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.22.7-85.fc7 #1 SMP
Fri Sep 21 19:53:05 EDT 2007 i686 i686
Alert Count 5
First Seen Sat 15 Sep 2007 12:20:19 PM PDT
Last Seen Thu 27 Sep 2007 10:10:01 AM PDT
Local ID 3b8dfa9b-fb5a-489d-9750-ea5776718542
Line Numbers
Raw Audit Messages
avc: denied { relabelto } for comm="udevd" dev=tmpfs egid=0 euid=0
exe="/sbin/udevd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="par0"
pid=3273
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file
tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
More information about the fedora-list
mailing list