SElinux problem

John Poelstra poelstra at redhat.com
Thu Jan 17 06:44:51 UTC 2008 

Karl Larsen said the following on 01/16/2008:
>    I got this setroubleshoot message:
> 
> SELinux is preventing /sbin/ldconfig (ldconfig_t) "write" to 
> /var/log/nvidia-installer.log (var_log_t). The SELinux type var_log_t, 
> is a generic type for all files in the directory and very few processes 
> (SELinux Domains) are allowed to write to this SELinux type. This type 
> of denial usual indicates a mislabeled file. By default a file created 
> in a directory has the gets the context of the parent directory, but 
> SELinux policy has rules about the creation of directories, that say if 
> a process running in one SELinux Domain (D1) creates a file in a 
> directory with a particular SELinux File Context (F1) the file gets a 
> different File Context (F2). The policy usually allows the SELinux 
> Domain (D1) the ability to write or append on (F2). But if for some 
> reason a file (/var/log/nvidia-installer.log) was created with the wrong 
> context, this domain will be denied. The usual solution to this problem 
> is to reset the file context on the target file, restorecon -v 
> /var/log/nvidia-installer.log. If the file context does not change from 
> var_log_t, then this is probably a bug in policy. Please file a bug 
> report against the selinux-policy package. If it does change, you can 
> try your application again to see if it works. The file context could 
> have been mislabeled by editing the file or moving the file from a 
> different directory, if the file keeps getting mislabeled, check the 
> init scripts to see if they are doing something to mislabel the file.
> 
> I did as they suggested and it seemed to fix the problem. This is the 
> first error SElinux has made on F8. It was so bad on F7 I deleted it.
> 
> 
Hi,

May I kindly suggest that you get a blog and put stuff like this there? 
  Most people reading this list are not looking for news about your 
computer or your personal daily diary [1].

List traffic is high enough as it is. If you feel that this is a bug 
(which in this case you should probably file with nvidia), please file 
one.  If you want to tell people about what happens in your daily 
computing experience, create a blog and interested people people can 
read about it there :)

John

[1] I've refrained from commenting until now.  Many of your previous 
posts including today's about pulseaudio fall into the same category.

More information about the fedora-list mailing list