SELinux is preventing access to files with the label, file_t.

Antonio Olivares olivares14031 at yahoo.com
Wed Jan 16 16:41:08 UTC 2008


Is anybody else seeing this?

I have seen it before.  I have not added other
disks/drives.  I do not know what file_t is?

I ask why should I do this:

"touch /.autorelabel; reboot"
?

It takes a big while.  I have already allowed a stack
from new firefox3.0 beta.  

[root@localhost ~]# chcon -t unconfined_execmem_exec_t /usr/lib/firefox-3.0b3pre/firefox

because it complains as well.  

Thanks,

Antonio 

Summary:

SELinux is preventing access to files with the label, file_t.

Detailed Description:

SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever be
labeled file_t. If you have just added a new disk drive to the system you can
relabel it using the restorecon command. Otherwise you should relabel the entire
files system.

Allowing Access:

You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"

Additional Information:

Source Context                system_u:system_r:tmpreaper_t
Target Context                system_u:object_r:file_t
Target Objects                /tmp/virtual-olivares.p28akz [ dir ]
Source                        tmpwatch(/usr/sbin/tmpwatch)
Port                          <Unknown>
Host                          localhost
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.2.5-12.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   file
Host Name                     localhost
Platform                      Linux localhost 2.6.24-0.150.rc7.git4.fc9 #1 SMP Sat Jan 12 11:44:09 EST 2008 i686 athlon
Alert Count                   1
First Seen                    Wed 16 Jan 2008 08:48:19 AM CST
Last Seen                     Wed 16 Jan 2008 08:48:19 AM CST
Local ID                      ac67f7f5-25da-43ef-8f11-682504e2a274
Line Numbers                  

Raw Audit Messages            

host=localhost type=AVC msg=audit(1200494899.124:38): avc:  denied  { getattr } for  pid=3073 comm="tmpwatch" path="/tmp/virtual-olivares.p28akz" dev=dm-0 ino=31391794 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir

host=localhost type=SYSCALL msg=audit(1200494899.124:38): arch=40000003 syscall=196 success=no exit=-13 a0=99f65bb a1=bfc24780 a2=5feff4 a3=99f6008 items=0 ppid=3071 pid=3073 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)
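
Added example, not part of the original message or of setroubleshoot: a small Python triage script that scans AVC records for targets whose type is file_t (or unlabeled_t) and lists the affected paths, so the number of unlabeled objects is known before choosing between restorecon and a full relabel. The first sample record is the one from the report above; the second record and all function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample input: the first record is the AVC denial from the report
# above; the second is made up to show a denial that is not a labeling problem.
SAMPLE_LOG = """\
host=localhost type=AVC msg=audit(1200494899.124:38): avc:  denied  { getattr } for  pid=3073 comm="tmpwatch" path="/tmp/virtual-olivares.p28akz" dev=dm-0 ino=31391794 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
host=localhost type=AVC msg=audit(1200494900.001:39): avc:  denied  { read } for  pid=4000 comm="httpd" path="/home/user/index.html" dev=dm-0 ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

# Types the kernel reports for objects with no label or an invalid one.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def context_type(context):
    """user:role:type[:level] -> type. The MLS level may itself contain ':'."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def unlabeled_targets(log_text):
    """List (comm, perms, path, tclass) for denials whose target is unlabeled."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and context_type(rec.get("tcontext", "")) in UNLABELED_TYPES:
            findings.append((rec.get("comm", "?"), rec["perms"],
                             rec.get("path", "?"), rec.get("tclass", "?")))
    return findings

def restorecon_commands(findings):
    """Candidate commands that reset the default label on each affected path."""
    return sorted({"restorecon -Rv " + shlex.quote(p) for _, _, p, _ in findings if p != "?"})

if __name__ == "__main__":
    for cmd in restorecon_commands(unlabeled_targets(SAMPLE_LOG)):
        print(cmd)
```

A handful of paths under one directory points to a local labeling gap; file_t targets spread across the filesystem match the case the report describes, where the whole system needs relabeling.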





More information about the fedora-test-list mailing list