[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux is preventing access to files with the label, file_t.

Hash: SHA1

Antonio Olivares wrote:
> --- Andrew Farris <lordmorgul gmail com> wrote:
>> Antonio Olivares wrote:
>>>>> SELinux is preventing access to files with the
>>>> label,
>>>>> file_t.
>>>> Is this file being created from a virtual
>> machine? 
>>>> How is this file
>>>> getting there?
>> In my case it is definitely not a virtual machine
>> (I'm not running any on that 
>> box), but I'm seeing the same thing happen with a
>> variety of files in /tmp. 
>> They all seem to be session data files of some type.
>> I have hundreds of denials that happened with
>> gconfd-2 a few days ago (socket 
>> files in tmp mostly).  Now I see many of these
>> accesses prevented to file_t.
>> Files such as:
>> ./keyring-vaxTjg
>> /tmp/fahcore-iolock.txt  <- I'm running folding at
>> home, it is doing that
>> ./kdecache-lordmorgul
>> /tmp/pulse-lordmorgul/pid
>> /tmp/banshee-NDesk.DBus.Bus.txt
>> /tmp/gnome-system-monitor.lordmorgul.777456431
>> ./virtual-lordmorgul.4FvBXq
>> ./.esd-500
>> ./fah
>> ./virtual-lordmorgul.xxxxx/
>> And more.  These are all accesses denied to
>> /usr/sbin/tmpwatch, files (normal 
>> and sockets) and directories all labeled file_t.
>> This list is about a third of the denials I've seen
>> pop up just this morning. 
>> I've seen this occurring for several days (if not
>> more than a week) just have 
>> not dealt with it yet.  The issue is probably not a
>> very recent change.  I've 
>> had several relabels, new kernels, and new policy
>> while seeing this same issue, 
>> many denials to /usr/bin/tmpwatch for file_t.
>> -- 
>> Andrew Farris <lordmorgul gmail com>
>> www.lordmorgul.net
>>   gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF
>> 707E A2E0 F0F6 E622 C99B 1DF3
>> No one now has, and no one will ever again get, the
>> big picture. - Daniel Geer
>> ----                                                
>>                       ----
>> -- 
>> fedora-test-list mailing list
>> fedora-test-list redhat com
>> To unsubscribe: 
> https://www.redhat.com/mailman/listinfo/fedora-test-list
> Great to hear that Andrew, I thought I was the only
> one experiencing this kind of denials with the file_t.
>  I have done touch ./autorelabel; reboot several times
> already and that is why I submit the setroubleshoot
> complaints.  
> Regards,
> Antonio 
>       ____________________________________________________________________________________
> Never miss a thing.  Make Yahoo your home page. 
> http://www.yahoo.com/r/hs
Can you just delete these files from /tmp/

They may have been there before the relabel.

restorecon and fixfiles do not touch certain directories /tmp being one
of them.
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]