[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux security alert



I am not very knowledgeable about selinux, but I will see what I can do.

vinny wrote:

> [find has a permissive type (prelink_cron_system_t). This access was not
> denied.]
> 
The section in [] brackets says that since the command has a "permissive type", the 
"access was not denied"; in other words the command ran without being hindered by 
selinux, so you can read the security message as a warning.

> SELinux denied access requested by find. /var/lib/misc/prelink.full may
> be a
> mislabeled. /var/lib/misc/prelink.full default SELinux type is
> prelink_var_lib_t,
> but its current type is cron_var_lib_t. Changing this file back to the
> default
> type, may fix your problem.
> 
This means that /var/lib/misc/prelink.full has the wrong file context (to check 
context: ls -Z filename). Selinux should have blocked access, but the context is 
permissive, so it didn't (refer to the section at the very beginning in the [] 
brackets).

> You can restore the default system context to this file by executing the
> restorecon command.
> 
> /sbin/restorecon '/var/lib/misc/prelink.full'
> 
If this error message bothers you, even though selinux tells you that it didn't 
prevent the command from executing, you have the option to restore the context of 
the file using this command:

sudo /sbin/restorecon -v '/var/lib/misc/prelink.full'

-v means verbose, so you will see if a change was made to the context.

Sometimes files will get the wrong context each time you reboot, so you might have 
to keep on doing this every time you reboot, or wait for an update that fixes the 
default context. If you want to know which rpm package creates or supplies this 
file:

yum provides */prelink.full
or
yum provides /var/lib/misc/prelink.full

I don't know what kind of file prelink.full is, but if it comes from an installed 
rpm package from the fedora repositories, you could file a bug report at 
bugzilla.redhat.com. If you created the file or edited the file, then you must 
restore the context.

I hope this helps sufficiently.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]