SELinux is preventing access to files with the label, file_t.

Daniel J Walsh dwalsh at redhat.com
Tue Mar 4 21:11:43 UTC 2008


Andrew Farris wrote:
> Andrew Farris wrote:
>> I have hundreds of denials that happened with gconfd-2 a few days ago
>> (socket files in tmp mostly).  Now I see many of these accesses
>> prevented to file_t.
>>
>> Files such as:
>> ./keyring-vaxTjg
>> /tmp/fahcore-iolock.txt  <- I'm running folding at home, it is doing that
>> ./kdecache-lordmorgul
>> /tmp/pulse-lordmorgul/pid
>> /tmp/banshee-NDesk.DBus.Bus.txt
>> /tmp/gnome-system-monitor.lordmorgul.777456431
>> ./virtual-lordmorgul.4FvBXq
>> ./.esd-500
>> ./fah
>> ./virtual-lordmorgul.xxxxx/
>>
>> And more.  These are all accesses denied to /usr/sbin/tmpwatch, files
>> (normal and sockets) and directories all labeled file_t.
> 
> Most of these are older files and directories as well.  Is autorelabel
> *not* clearing out tmp when it labels?  I wonder if it is failing to
> apply any label to these at that time?
>
Yes, autorelabel does not touch /tmp; you have to remove them manually.

I am wondering if I should allow tmpwatch to handle file_t.

> Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
> No one now has, and no one will ever again get, the big picture. - Daniel Geer

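An added example, not part of the original message: one way to pull the tmpwatch denials on file_t objects out of an audit log, so the stale entries under /tmp can be listed before they are removed by hand. The sample records are constructed (paths and command names come from the thread; pids, inodes, timestamps and the tmpreaper_t source type are assumptions), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log AVC records. Paths and command names come from the
# thread; pids, inodes, timestamps and the tmpreaper_t source type are assumed.
SAMPLE_LOG = """\
type=AVC msg=audit(1204664400.101:41): avc:  denied  { getattr } for  pid=2101 comm="tmpwatch" path="/tmp/pulse-lordmorgul/pid" dev=dm-0 ino=1001 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1204664400.102:42): avc:  denied  { getattr } for  pid=2101 comm="tmpwatch" path="/tmp/pulse-lordmorgul" dev=dm-0 ino=1000 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1204664400.103:43): avc:  denied  { read } for  pid=2101 comm="tmpwatch" path="/tmp/pulse-lordmorgul" dev=dm-0 ino=1000 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1204664400.104:44): avc:  denied  { getattr } for  pid=2101 comm="tmpwatch" path="/tmp/fahcore-iolock.txt" dev=dm-0 ino=1002 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1204664400.105:45): avc:  denied  { getattr } for  pid=2101 comm="tmpwatch" path="/tmp/scratch.txt" dev=dm-0 ino=1003 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1204577000.201:12): avc:  denied  { write } for  pid=1801 comm="gconfd-2" name="socket" dev=dm-0 ino=1004 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=sock_file
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other lines."""
    if "avc:" not in line or "denied" not in line:
        return None
    fields = {key: value.strip('"') for key, value in FIELD.findall(line)}
    perms = re.search(r"\{([^}]*)\}", line)
    fields["perms"] = perms.group(1).split() if perms else []
    return fields

def context_type(context):
    """Type is the third colon-separated field of user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def file_t_denials(log_text, comm="tmpwatch"):
    """Map (object, class) -> sorted permissions denied to `comm` on file_t."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec.get("comm") != comm:
            continue
        if context_type(rec.get("tcontext", "")) != "file_t":
            continue  # labeled objects are a different problem
        target = rec.get("path") or rec.get("name", "?")
        hits[(target, rec.get("tclass", "?"))].update(rec["perms"])
    return {key: sorted(perms) for key, perms in sorted(hits.items())}

if __name__ == "__main__":
    for (target, tclass), perms in file_t_denials(SAMPLE_LOG).items():
        print(f"{tclass:9} {target}  denied: {' '.join(perms)}")
```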




More information about the fedora-test-list mailing list