[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

SELinux security alert

I installed F12 in 2 desktop no problem both working perfectly.
lately one has developed this security problem, it suggest to rename a
file as a possible cure, I do not understand how can a file change name
by it self. So before I make a mess of things I better ask for help.


SELinux is preventing /bin/find "getattr" access
to /var/lib/misc/prelink.full.

Detailed Description:

[find has a permissive type (prelink_cron_system_t). This access was not

SELinux denied access requested by find. /var/lib/misc/prelink.full may
be a
mislabeled. /var/lib/misc/prelink.full default SELinux type is
but its current type is cron_var_lib_t. Changing this file back to the
type, may fix your problem.

File contexts can be assigned to a file in the following ways.

  * Files created in a directory receive the file context of the parent
    directory by default.
  * The SELinux policy might override the default label inherited from
    parent directory by specifying a process running in context A which
    a file in a directory labeled B will instead create the file with
label C.
    An example of this would be the dhcp client running with the
dhclient_t type
    and creating a file in the directory /etc. This file would normally
    the etc_t type due to parental inheritance but instead the file is
    with the net_conf_t type because the SELinux policy specifies this.
  * Users can change the file context on a file using tools such as
chcon, or

This file could have been mislabeled either by user error, or if an
confined application was run under the wrong domain.

However, this might also indicate a bug in SELinux because the file
should not
have been labeled with this type.

If you believe this is a bug, please file a bug report against this

Allowing Access:

You can restore the default system context to this file by executing the
restorecon command. restorecon '/var/lib/misc/prelink.full', if this
file is a
directory, you can recursively restore using restorecon -R

Fix Command:

/sbin/restorecon '/var/lib/misc/prelink.full'

Additional Information:

Source Context
Target Context                system_u:object_r:cron_var_lib_t:s0
Target Objects                /var/lib/misc/prelink.full [ file ]
Source                        find
Source Path                   /bin/find
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           findutils-4.4.2-4.fc12
Target RPM Packages           prelink-0.4.2-4.fc12
Policy RPM                    selinux-policy-3.6.32-55.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   restorecon
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                     #1 SMP Wed Dec
                              11:00:30 EST 2009 i686 i686
Alert Count                   4
First Seen                    Sat 12 Dec 2009 07:32:14 AM EST
Last Seen                     Sat 19 Dec 2009 01:45:15 PM EST
Local ID                      e5732596-f308-439c-9920-c4a394f95061
Line Numbers                  

Raw Audit Messages            

node=localhost.localdomain type=AVC msg=audit(1261248315.138:22): avc:
denied  { getattr } for  pid=2950 comm="find"
path="/var/lib/misc/prelink.full" dev=dm-0 ino=2402
tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1261248315.138:22):
arch=40000003 syscall=300 success=yes exit=0 a0=ffffff9c a1=8594704
a2=85946a4 a3=100 items=0 ppid=2949 pid=2950 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="find"
subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]