Error on relabel for SELinux

Arthur Pemberton pemboa at gmail.com
Thu Sep 27 18:06:10 UTC 2007


On 9/27/07, Les <hlhowell at pacbell.net> wrote:
> I need a SELinux person to explain this error for me.  It seems to occur
> when I try to print from the web.
>
> The suggested command "restorecon -v Par0" doesn't work because for one
> thing Par0 doesn't exist I think.  The error seems to be that something
> wants to relabel sbin/udevd to par0, and since that didn't occur I
> suspect that the problem is not with Par0, but rather the /sbin/udevd.
> And since I think this is a system file, I am not sure it should be
> relabeled anyway, without causing other problems.  At least that is my
> take.  Any ideas?
>
>         Please help with detailed information.  I do not want to mess up my
> system, which seems to be working well except for this.
>
> Regards,
> Les H
>
> Here is the output from the SETroubleshoot window:
>
> Summary
>     SELinux is preventing /sbin/udevd (udev_t) "relabelto" to par0 (device_t).
>
> Detailed Description
>     SELinux denied access requested by /sbin/udevd. It is not expected that this
>     access is required by /sbin/udevd and this access may signal an intrusion
>     attempt. It is also possible that the specific version or configuration of
>     the application is causing it to require additional access.
>
> Allowing Access
>     Sometimes labeling problems can cause SELinux denials.  You could try to
>     restore the default system file context for par0, restorecon -v par0 If this
>     does not work, there is currently no automatic way to allow this access.
>     Instead,  you can generate a local policy module to allow this access - see
>     http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
>     SELinux protection altogether. Disabling SELinux protection is not
>     recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
>     against this package.
>
> Additional Information
>
> Source Context                system_u:system_r:udev_t:SystemLow-SystemHigh
> Target Context                system_u:object_r:device_t
> Target Objects                par0 [ lnk_file ]
> Affected RPM Packages         udev-113-12.fc7 [application]
> Policy RPM                    selinux-policy-2.6.4-42.fc7
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Permissive
> Plugin Name                   plugins.catchall_file
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain 2.6.22.7-85.fc7 #1 SMP
>                               Fri Sep 21 19:53:05 EDT 2007 i686 i686
> Alert Count                   5
> First Seen                    Sat 15 Sep 2007 12:20:19 PM PDT
> Last Seen                     Thu 27 Sep 2007 10:10:01 AM PDT
> Local ID                      3b8dfa9b-fb5a-489d-9750-ea5776718542
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { relabelto } for comm="udevd" dev=tmpfs egid=0 euid=0
> exe="/sbin/udevd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="par0" pid=3273
> scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0
> subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file
> tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
>

There is an SELinux list where I'm sure you will find much more
reliable assistance:
http://www.redhat.com/mailman/listinfo/fedora-selinux-list

-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )
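
A way to read the raw audit message quoted in the report, as an added example that is not part of the original thread: it splits the AVC record into fields and derives the type-enforcement rule the denial corresponds to, which is what a local policy module would have to contain. The function names are assumptions of this example; the record is the one from the report with the e-mail line wraps removed.

```python
import re

# Raw audit message from the report above, e-mail line wraps removed.
RAW_AVC = (
    'avc: denied { relabelto } for comm="udevd" dev=tmpfs egid=0 euid=0 '
    'exe="/sbin/udevd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="par0" '
    'pid=3273 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 '
    'subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file '
    'tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0'
)

def parse_avc(line):
    """Split one AVC record into its result, permissions and key=value fields."""
    m = re.search(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)', line)
    if m is None:
        raise ValueError("not an AVC record")
    # Values are either double-quoted strings or bare tokens such as (none).
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))
    fields = {key: value.strip('"') for key, value in pairs}
    return {"result": m.group(1), "perms": m.group(2).split(), "fields": fields}

def context_type(context):
    """Return the type, the third field of user:role:type[:level]."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed context: %r" % context)
    return parts[2]

def te_rule(avc):
    """Render the allow rule matching the access that was checked."""
    f = avc["fields"]
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (
        context_type(f["scontext"]), context_type(f["tcontext"]),
        f["tclass"], perm_text)

def summarize(avc):
    """One-line description: who asked for what, on which object."""
    f = avc["fields"]
    return "%s (%s) %s %s on %s %r (%s)" % (
        f.get("exe", f.get("comm", "?")), context_type(f["scontext"]),
        avc["result"], ",".join(avc["perms"]), f["tclass"],
        f.get("name", "?"), context_type(f["tcontext"]))

if __name__ == "__main__":
    record = parse_avc(RAW_AVC)
    print(summarize(record))
    print(te_rule(record))
```

The report lists Enforcing Mode as Permissive, so this access was logged rather than blocked.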



