SELinux is preventing access to files with the label, file_t.
Antonio Olivares
olivares14031 at yahoo.com
Mon Mar 3 22:05:40 UTC 2008
Dear all,
I have done this before :
"touch /.autorelabel; reboot"
several days pass and I see this file_t again and I
have to do "in quote" this again . What is file_t
anyway?
I do not know of any in my system.
Thanks,
Antonio
Summary:
SELinux is preventing access to files with the label,
file_t.
Detailed Description:
SELinux permission checks on files labeled file_t are
being denied. file_t is
the context the SELinux kernel gives to files that do
not have a label. This
indicates a serious labeling problem. No files on an
SELinux box should ever be
labeled file_t. If you have just added a new disk
drive to the system you can
relabel it using the restorecon command. Otherwise you
should relabel the entire
files system.
Allowing Access:
You can execute the following command as root to
relabel your computer system:
"touch /.autorelabel; reboot"
Additional Information:
Source Context
system_u:system_r:tmpreaper_t
Target Context system_u:object_r:file_t
Target Objects
./virtual-olivares.1dNZIJ [ dir ]
Source tmpwatch
Source Path /usr/sbin/tmpwatch
Port <Unknown>
Host localhost
Source RPM Packages tmpwatch-2.9.13-2
Target RPM Packages
Policy RPM
selinux-policy-3.3.1-9.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name file
Host Name localhost
Platform Linux localhost
2.6.25-0.80.rc3.git2.fc9 #1 SMP
Fri Feb 29 18:17:34 EST
2008 i686 athlon
Alert Count 1
First Seen Mon 03 Mar 2008 10:01:18
AM CST
Last Seen Mon 03 Mar 2008 10:01:18
AM CST
Local ID
08676827-232c-4027-aa44-9431e45d6d53
Line Numbers
Raw Audit Messages
host=localhost type=AVC msg=audit(1204560078.2:50):
avc: denied { rmdir } for pid=32386 comm="tmpwatch"
name="virtual-olivares.1dNZIJ" dev=dm-0 ino=31391789
scontext=system_u:system_r:tmpreaper_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir
host=localhost type=SYSCALL
msg=audit(1204560078.2:50): arch=40000003 syscall=40
success=no exit=-13 a0=960ec33 a1=28 a2=960f1a0
a3=960ec33 items=0 ppid=32384 pid=32386
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="tmpwatch" exe="/usr/sbin/tmpwatch"
subj=system_u:system_r:tmpreaper_t:s0 key=(null)
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
More information about the fedora-selinux-list
mailing list