
Re: SELinux security alert



On 12/19/2009 02:06 PM, vinny wrote:
> Hello,
> I installed F12 on 2 desktops with no problem; both are working perfectly.
> Lately one has developed this security problem. It suggests renaming a
> file as a possible cure; I do not understand how a file can change its name
> by itself. So before I make a mess of things I better ask for help.
> Vinny
> 
> Summary:
> 
> SELinux is preventing /bin/find "getattr" access
> to /var/lib/misc/prelink.full.
> 
> Detailed Description:
> 
> [find has a permissive type (prelink_cron_system_t). This access was not
> denied.]
> 
> SELinux denied access requested by find. /var/lib/misc/prelink.full may be a
> mislabeled. /var/lib/misc/prelink.full default SELinux type is
> prelink_var_lib_t, but its current type is cron_var_lib_t. Changing this file
> back to the default type, may fix your problem.
> 
> File contexts can be assigned to a file in the following ways.
> 
>   * Files created in a directory receive the file context of the parent
>     directory by default.
>   * The SELinux policy might override the default label inherited from the
>     parent directory by specifying a process running in context A which
>     creates a file in a directory labeled B will instead create the file
>     with label C. An example of this would be the dhcp client running with
>     the dhclient_t type and creating a file in the directory /etc. This file
>     would normally receive the etc_t type due to parental inheritance but
>     instead the file is labeled with the net_conf_t type because the SELinux
>     policy specifies this.
>   * Users can change the file context on a file using tools such as chcon,
>     or restorecon.
> 
> This file could have been mislabeled either by user error, or if an normally
> confined application was run under the wrong domain.
> 
> However, this might also indicate a bug in SELinux because the file should
> not have been labeled with this type.
> 
> If you believe this is a bug, please file a bug report against this package.
> 
> Allowing Access:
> 
> You can restore the default system context to this file by executing the
> restorecon command. restorecon '/var/lib/misc/prelink.full', if this file is
> a directory, you can recursively restore using
> restorecon -R '/var/lib/misc/prelink.full'.
> 
> Fix Command:
> 
> /sbin/restorecon '/var/lib/misc/prelink.full'
> 
> Additional Information:
> 
> Source Context                system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:cron_var_lib_t:s0
> Target Objects                /var/lib/misc/prelink.full [ file ]
> Source                        find
> Source Path                   /bin/find
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           findutils-4.4.2-4.fc12
> Target RPM Packages           prelink-0.4.2-4.fc12
> Policy RPM                    selinux-policy-3.6.32-55.fc12
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   restorecon
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
>                               2.6.31.6-166.fc12.i686.PAE #1 SMP Wed Dec 9
>                               11:00:30 EST 2009 i686 i686
> Alert Count                   4
> First Seen                    Sat 12 Dec 2009 07:32:14 AM EST
> Last Seen                     Sat 19 Dec 2009 01:45:15 PM EST
> Local ID                      e5732596-f308-439c-9920-c4a394f95061
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=localhost.localdomain type=AVC msg=audit(1261248315.138:22): avc: denied  { getattr } for  pid=2950 comm="find" path="/var/lib/misc/prelink.full" dev=dm-0 ino=2402 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file
> 
> node=localhost.localdomain type=SYSCALL msg=audit(1261248315.138:22): arch=40000003 syscall=300 success=yes exit=0 a0=ffffff9c a1=8594704 a2=85946a4 a3=100 items=0 ppid=2949 pid=2950 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="find" exe="/bin/find" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)
> 
> 
> 
> 

Fixed in selinux-policy-3.6.32-59.fc12.noarch
yum update selinux-policy-targeted --enablerepo=updates-testing

I believe this is now fixed in this release.
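
Added example (not part of the original thread and not code from setroubleshoot or the SELinux project): a short Python triage of the two raw audit records quoted in the alert. It correlates the AVC and SYSCALL records by audit event id to show whether the "denied" access was actually blocked, and compares the target type with the default type the alert states. The names parse_record, triage, SAMPLE and DEFAULTS are assumptions of this example.

```python
import re
from collections import defaultdict

EVENT_RE = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+:\d+)\)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r'\{ ([^}]*) \}')

# Constructed input: the two records from the alert, unwrapped to one line each.
SAMPLE = [
    'node=localhost.localdomain type=AVC msg=audit(1261248315.138:22): avc: denied  { getattr } for  pid=2950 comm="find" path="/var/lib/misc/prelink.full" dev=dm-0 ino=2402 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file',
    'node=localhost.localdomain type=SYSCALL msg=audit(1261248315.138:22): arch=40000003 syscall=300 success=yes exit=0 a0=ffffff9c a1=8594704 a2=85946a4 a3=100 items=0 ppid=2949 pid=2950 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="find" exe="/bin/find" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)',
]
# Default type for the path as stated in the alert text (assumption: on a live
# system this would be looked up in the file-context database instead).
DEFAULTS = {"/var/lib/misc/prelink.full": "prelink_var_lib_t"}

def parse_record(line):
    """Return the key=value fields of one audit record, or None if it is not one."""
    head = EVENT_RE.search(line)
    if head is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    rec["type"], rec["event"] = head.groups()
    perms = PERMS_RE.search(line)
    rec["perms"] = perms.group(1).split() if perms else []
    return rec

def triage(lines, defaults):
    """Correlate AVC and SYSCALL records by event id and summarise each AVC."""
    events = defaultdict(dict)
    for rec in filter(None, map(parse_record, lines)):
        events[rec["event"]][rec["type"]] = rec
    findings = []
    for event, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if avc is None:
            continue
        target_type = avc["tcontext"].split(":")[2]
        expected = defaults.get(avc.get("path"))
        findings.append({
            "event": event, "comm": avc.get("comm"), "path": avc.get("path"),
            "perms": avc["perms"],
            "source_type": avc["scontext"].split(":")[2],
            "target_type": target_type,
            # success=yes beside "avc: denied" means the call went through
            # (permissive domain or mode); None when no SYSCALL record exists.
            "blocked": None if sc is None else sc.get("success") == "no",
            "mislabeled": None if expected is None else expected != target_type,
        })
    return findings
```

For the records above, triage(SAMPLE, DEFAULTS) reports the getattr as logged but not blocked, which matches the alert's note that prelink_cron_system_t is a permissive type.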

