[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux security alert

The problem is that the SElinux message re-occurs.  It appears that cron creates the file with cron's context and then SElinux gets triggered because the context is wrong.   Why does cron create the file and leave it lying around?  And if cron needs to create the file why isn't SElinux aware of this and not complain?


On Sat, Dec 19, 2009 at 1:04 PM, Petrus de Calguarium <kwhiskerz gmail com> wrote:
I am not very knowledgeable about selinux, but I will see what I can do.

vinny wrote:

> [find has a permissive type (prelink_cron_system_t). This access was not
> denied.]
The section in [] brackets says that since the command has a "permissive type", the
"access was not denied"; in other words the command ran without being hindered by
selinux, so you can read the security message as a warning.

> SELinux denied access requested by find. /var/lib/misc/prelink.full may
> be a
> mislabeled. /var/lib/misc/prelink.full default SELinux type is
> prelink_var_lib_t,
> but its current type is cron_var_lib_t. Changing this file back to the
> default
> type, may fix your problem.
This means that /var/lib/misc/prelink.full has the wrong file context (to check
context: ls -Z filename). Selinux should have blocked access, but the context is
permissive, so it didn't (refer to the section at the very beginning in the []

> You can restore the default system context to this file by executing the
> restorecon command.
> /sbin/restorecon '/var/lib/misc/prelink.full'
If this error message bothers you, even though selinux tells you that it didn't
prevent the command from executing, you have the option to restore the context of
the file using this command:

sudo /sbin/restorecon -v '/var/lib/misc/prelink.full'

-v means verbose, so you will see if a change was made to the context.

Sometimes files will get the wrong context each time you reboot, so you might have
to keep on doing this every time you reboot, or wait for an update that fixes the
default context. If you want to know which rpm package creates or supplies this

yum provides */prelink.full
yum provides /var/lib/misc/prelink.full

I don't know what kind of file prelink.full is, but if it comes from an installed
rpm package from the fedora repositories, you could file a bug report at
bugzilla.redhat.com. If you created the file or edited the file, then you must
restore the context.

I hope this helps sufficiently.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]