SELinux - copying ISO file content

Daniel J Walsh dwalsh at redhat.com
Mon Oct 6 14:05:00 UTC 2008


Christian Iseli wrote:
> On Fri, 03 Oct 2008 09:16:12 -0400, Daniel J Walsh wrote:
>> Well first this is not a copy it is a move.  The problem here is the
>> mv command is attempting to retain the file context of
>> gr.078212.108v2.pdf, if you did a cp it would work.
> 
> IIRC, cp failed too.
> 
>> What avc are you seeing?
> 
> Below are those I used to feed to audit2allow
> 
> Cheers,
> 					Christian
> 
> host=Rivendell type=AVC msg=audit(1222961359.881:97): avc: denied { associate }for pid=3116 comm="mv" name="gr.078212.108v2.pdf" scontext=unconfined_u:object_r:user_home_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
> host=Rivendell type=SYSCALL msg=audit(1222961359.881:97): arch=40000003 syscall=5 success=no exit=-13 a0=92aa3f0 a1=80c1 a2=180 a3=80c1 items=0 ppid=2778 pid=3116 auid=2890 uid=2890 gid=2890 euid=2890 suid=2890 fsuid=2890 egid=2890 sgid=2890 fsgid=2890 tty=pts2 ses=2 comm="mv" exe="/bin/mv" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
> host=Rivendell type=AVC msg=audit(1223001293.211:917): avc: denied { getattr } for pid=5913 comm="updatedb" path="/home/chris/VMShared" dev=vboxsf ino=0 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
> host=Rivendell type=SYSCALL msg=audit(1223001293.211:917): arch=40000003 syscall=196 success=no exit=-13 a0=9a1f6b5 a1=bfcf70a8 a2=9e4ff4 a3=9a1f6b5 items=0 ppid=5907 pid=5913 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=199 comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)
> host=Rivendell type=AVC msg=audit(1223001183.679:916): avc: denied { getattr } for pid=5580 comm="df" name="/" dev=vboxsf ino=0 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
> host=Rivendell type=SYSCALL msg=audit(1223001183.679:916): arch=40000003 syscall=268 success=no exit=-13 a0=86b24f0 a1=54 a2=bf9c0958 a3=0 items=0 ppid=5578 pid=5580 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)ses=199 comm="df" exe="/bin/df" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
> 
I don't know what vmshared is. It is being labeled as unlabeled_t,
which means the kernel policy does not know what this file system is.

If you run restorecon -R -v ~/

Does it change the context on this file system?
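
As an added example (not part of the original message), this Python code parses the AVC records quoted above and groups the denials whose target type is unlabeled_t by source type, object class and device, which shows at a glance which filesystem the policy has no label for. The function names are hypothetical, and the sample holds only the three AVC lines from the quoted message.

```python
import re
from collections import defaultdict

# The three AVC records from the quoted message; the SYSCALL records are left out.
SAMPLE = '''\
host=Rivendell type=AVC msg=audit(1222961359.881:97): avc: denied { associate }for pid=3116 comm="mv" name="gr.078212.108v2.pdf" scontext=unconfined_u:object_r:user_home_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
host=Rivendell type=AVC msg=audit(1223001293.211:917): avc: denied { getattr } for pid=5913 comm="updatedb" path="/home/chris/VMShared" dev=vboxsf ino=0 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
host=Rivendell type=AVC msg=audit(1223001183.679:916): avc: denied { getattr } for pid=5580 comm="df" name="/" dev=vboxsf ino=0 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
'''

# "\s*" before "for" tolerates records logged as "{ associate }for".
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s*for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group(1).split()
    # A context is user:role:type[:mls-range]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def unlabeled_denials(text):
    """Map (source type, class, device) to the permissions denied on unlabeled_t."""
    out = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["ttype"] == "unlabeled_t":
            key = (rec["stype"], rec.get("tclass", "-"), rec.get("dev", "-"))
            out[key].update(rec["perms"])
    return dict(out)


if __name__ == "__main__":
    for (stype, tclass, dev), perms in sorted(unlabeled_denials(SAMPLE).items()):
        print(f"{stype} -> unlabeled_t:{tclass} dev={dev} {{ {' '.join(sorted(perms))} }}")
```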






