[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux is preventing access to files with the label, file_t.



--- Andrew Farris <lordmorgul gmail com> wrote:

> Antonio Olivares wrote:
> >>> SELinux is preventing access to files with the
> >> label,
> >>> file_t.
> 
> >> Is this file being created from a virtual
> machine? 
> >> How is this file
> >> getting there?
> 
> In my case it is definitely not a virtual machine
> (I'm not running any on that 
> box), but I'm seeing the same thing happen with a
> variety of files in /tmp. 
> They all seem to be session data files of some type.
> 
> I have hundreds of denials that happened with
> gconfd-2 a few days ago (socket 
> files in tmp mostly).  Now I see many of these
> accesses prevented to file_t.
> 
> Files such as:
> ./keyring-vaxTjg
> /tmp/fahcore-iolock.txt  <- I'm running folding at
> home, it is doing that
> ./kdecache-lordmorgul
> /tmp/pulse-lordmorgul/pid
> /tmp/banshee-NDesk.DBus.Bus.txt
> /tmp/gnome-system-monitor.lordmorgul.777456431
> ./virtual-lordmorgul.4FvBXq
> ./.esd-500
> ./fah
> ./virtual-lordmorgul.xxxxx/
> 
> And more.  These are all accesses denied to
> /usr/sbin/tmpwatch, files (normal 
> and sockets) and directories all labeled file_t.
> 
> This list is about a third of the denials I've seen
> pop up just this morning. 
> I've seen this occurring for several days (if not
> more than a week) just have 
> not dealt with it yet.  The issue is probably not a
> very recent change.  I've 
> had several relabels, new kernels, and new policy
> while seeing this same issue, 
> many denials to /usr/bin/tmpwatch for file_t.
> 
> -- 
> Andrew Farris <lordmorgul gmail com>
> www.lordmorgul.net
>   gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF
> 707E A2E0 F0F6 E622 C99B 1DF3
> No one now has, and no one will ever again get, the
> big picture. - Daniel Geer
> ----                                                
>                       ----
> 
> -- 
> fedora-test-list mailing list
> fedora-test-list redhat com
> To unsubscribe: 
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
> 

Great to hear that Andrew, I thought I was the only
one experiencing this kind of denials with the file_t.
 I have done touch ./autorelabel; reboot several times
already and that is why I submit the setroubleshoot
complaints.  

Regards,

Antonio 


      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]