SELinux is preventing access to files with the label, file_t.

Andrew Farris lordmorgul at gmail.com
Wed Mar 5 04:25:04 UTC 2008


On Tue, Mar 4, 2008 at 6:12 PM, Antonio Olivares
<olivares14031 at yahoo.com> wrote:
>  Hope the file does not come back :)

I went ahead and switched my setup to use tmpfs as well, and cleared
out /tmp completely then logged back in.  I have no problems with
file_t in tmp yet, but I do in my home.  Here is what showed up.  I
didn't realize the files I posted before were partially here in my
home causing these denials.

Summary:

SELinux is preventing access to files with the label, file_t.

host=cirithungol type=AVC msg=audit(1204690113.416:341): avc:  denied
{ read } for  pid=16945 comm="npviewer.bin" name=".Xauthority"
dev=sdb2 ino=3742
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file

host=cirithungol type=SYSCALL msg=audit(1204690113.416:341):
arch=40000003 syscall=33 success=no exit=-13 a0=bfa3afb9 a1=4
a2=b1d9f0 a3=bfa3afb9 items=0 ppid=16931 pid=16945 auid=500 uid=500
gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500
tty=(none) ses=1 comm="npviewer.bin"
exe="/usr/lib/nspluginwrapper/npviewer.bin"
subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null)


Summary:

SELinux is preventing access to files with the label, file_t.

host=cirithungol type=AVC msg=audit(1204689737.53:325): avc:  denied
{ read } for  pid=16233 comm="ck-get-x11-serv" name=".Xauthority"
dev=sdb2 ino=3742
scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file

host=cirithungol type=SYSCALL msg=audit(1204689737.53:325):
arch=40000003 syscall=33 success=no exit=-13 a0=bfd33fa6 a1=4
a2=b1d9f0 a3=bfd33fa6 items=0 ppid=16232 pid=16233 auid=4294967295
uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500
fsgid=500 tty=(none) ses=4294967295 comm="ck-get-x11-serv"
exe="/usr/libexec/ck-get-x11-server-pid"
subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)

It turns out ~/.Xauthority is labeled file_t, and so is
~/.xsession-errors.  I've just deleted both and am going to see if they
get labeled right when I login again.  These should be user_home_t I
would assume...

'ls -lRz ~ | grep file_t' showed hundreds of files labeled file_t.
Going to go relabel everything again and see if they persist.

-- 
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
 gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3
No one now has, and no one will ever again get, the big picture. - Daniel Geer
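
Added example, not part of the original message: a small Python parser that re-joins mail-wrapped AVC records like the two above and groups denials by the file_t object they hit, so one mislabeled file denied to several domains shows up once. The function names (parse_avc, unlabeled_targets) are hypothetical, and SAMPLE is constructed from the AVC lines quoted in the message.

```python
import re
from collections import defaultdict

# Constructed sample: the two AVC records from the message above, with the
# mail client's line wrapping left in place.
SAMPLE = """\
host=cirithungol type=AVC msg=audit(1204690113.416:341): avc:  denied
{ read } for  pid=16945 comm="npviewer.bin" name=".Xauthority"
dev=sdb2 ino=3742
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file

host=cirithungol type=AVC msg=audit(1204689737.53:325): avc:  denied
{ read } for  pid=16233 comm="ck-get-x11-serv" name=".Xauthority"
dev=sdb2 ino=3742
scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{([^}]*)\}')

def parse_avc(text):
    """Yield one dict per AVC denial; records may be wrapped over lines."""
    # Split where a new audit record starts, then undo the wrapping.
    for chunk in re.split(r'(?m)^(?=(?:host=\S+ )?type=)', text):
        rec = " ".join(chunk.split())
        if "type=AVC" not in rec or "denied" not in rec:
            continue
        fields = {k: v.strip('"') for k, v in KV.findall(rec)}
        m = PERMS.search(rec)
        fields["perms"] = m.group(1).split() if m else []
        # An SELinux context is user:role:type:level; the type is field 3.
        fields["ttype"] = fields.get("tcontext", "::").split(":")[2]
        fields["stype"] = fields.get("scontext", "::").split(":")[2]
        yield fields

def unlabeled_targets(text, ttype="file_t"):
    """Map (dev, inode, name) -> sorted source domains denied on that object."""
    hits = defaultdict(set)
    for r in parse_avc(text):
        if r["ttype"] == ttype:
            hits[(r.get("dev"), r.get("ino"), r.get("name"))].add(r["stype"])
    return {k: sorted(v) for k, v in hits.items()}

if __name__ == "__main__":
    for (dev, ino, name), domains in unlabeled_targets(SAMPLE).items():
        print(f"{name} (dev={dev} ino={ino}) denied to: {', '.join(domains)}")
```

Grouping on dev and inode rather than name alone keeps two different files that share a name from being merged into one entry.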