[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux is preventing access to files with the label, file_t.



--- Daniel J Walsh <dwalsh redhat com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Antonio Olivares wrote:
> > --- Andrew Farris <lordmorgul gmail com> wrote:
> > 
> >> Antonio Olivares wrote:
> >>>>> SELinux is preventing access to files with the
> >>>> label,
> >>>>> file_t.
> >>>> Is this file being created from a virtual
> >> machine? 
> >>>> How is this file
> >>>> getting there?
> >> In my case it is definitely not a virtual machine
> >> (I'm not running any on that 
> >> box), but I'm seeing the same thing happen with a
> >> variety of files in /tmp. 
> >> They all seem to be session data files of some
> type.
> >>
> >> I have hundreds of denials that happened with
> >> gconfd-2 a few days ago (socket 
> >> files in tmp mostly).  Now I see many of these
> >> accesses prevented to file_t.
> >>
> >> Files such as:
> >> ./keyring-vaxTjg
> >> /tmp/fahcore-iolock.txt  <- I'm running folding
> at
> >> home, it is doing that
> >> ./kdecache-lordmorgul
> >> /tmp/pulse-lordmorgul/pid
> >> /tmp/banshee-NDesk.DBus.Bus.txt
> >> /tmp/gnome-system-monitor.lordmorgul.777456431
> >> ./virtual-lordmorgul.4FvBXq
> >> ./.esd-500
> >> ./fah
> >> ./virtual-lordmorgul.xxxxx/
> >>
> >> And more.  These are all accesses denied to
> >> /usr/sbin/tmpwatch, files (normal 
> >> and sockets) and directories all labeled file_t.
> >>
> >> This list is about a third of the denials I've
> seen
> >> pop up just this morning. 
> >> I've seen this occurring for several days (if not
> >> more than a week) just have 
> >> not dealt with it yet.  The issue is probably not
> a
> >> very recent change.  I've 
> >> had several relabels, new kernels, and new policy
> >> while seeing this same issue, 
> >> many denials to /usr/bin/tmpwatch for file_t.
> >>
> >> -- 
> >> Andrew Farris <lordmorgul gmail com>
> >> www.lordmorgul.net
> >>   gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF
> >> 707E A2E0 F0F6 E622 C99B 1DF3
> >> No one now has, and no one will ever again get,
> the
> >> big picture. - Daniel Geer
> >> ----                                             
>   
> >>                       ----
> >>
> >> -- 
> >> fedora-test-list mailing list
> >> fedora-test-list redhat com
> >> To unsubscribe: 
> >>
> >
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
> > 
> > Great to hear that Andrew, I thought I was the
> only
> > one experiencing this kind of denials with the
> file_t.
> >  I have done touch ./autorelabel; reboot several
> times
> > already and that is why I submit the
> setroubleshoot
> > complaints.  
> > 
> > Regards,
> > 
> > Antonio 
> > 
> > 
> >      
>
____________________________________________________________________________________
> > Never miss a thing.  Make Yahoo your home page. 
> > http://www.yahoo.com/r/hs
> > 
> Can you just delete these files from /tmp/
> 
> They may have been there before the relabel.
> 
> restorecon and fixfiles do not touch certain
> directories /tmp being one
> of them.

Do I remove everything from /tmp/?

Is there a nice script that can do the job?

Thanks,

Antonio 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> http://enigmail.mozdev.org
> 
>
iEYEARECAAYFAkfNu4MACgkQrlYvE4MpobObeQCgnNaaSY23kdHIRx9BWsLHe+YX
> PrcAn3AZslkmVE/YB6VKH1x1Aupr/xAF
> =ntpr
> -----END PGP SIGNATURE-----
> 
> -- 
> fedora-test-list mailing list
> fedora-test-list redhat com
> To unsubscribe: 
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
> 



      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]