Selinux problems

James Allsopp jamesaallsopp at googlemail.com
Tue Dec 8 11:21:55 UTC 2009 

Hi,
I keep getting this SELinux issue, This is a new install of Fedora 12, and I
just copied all of my home directory back to this machine from an external
after install. I've tried running "restorecon /home" but no change.

Any ideas,

James


Summary:

SELinux is preventing access to files with the label, file_t.

Detailed Description:

[gdm-session-wor has a permissive type (xdm_t). This access was not denied.]

SELinux permission checks on files labeled file_t are being denied. file_t
is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever
be
labeled file_t. If you have just added a new disk drive to the system you
can
relabel it using the restorecon command. Otherwise you should relabel the
entire
file system.

Allowing Access:

You can execute the following command as root to relabel your computer
system:
"touch /.autorelabel; reboot"

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:file_t:s0
Target Objects                /home/ja [ dir ]
Source                        gdm-session-wor
Source Path                   /usr/libexec/gdm-session-worker
Port                          <Unknown>
Host                          Mexican
Source RPM Packages           gdm-2.28.1-24.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-41.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   file
Host Name                     Mexican
Platform                      Linux Mexican 2.6.31.5-127.fc12.x86_64 #1 SMP
Sat
                              Nov 7 21:11:14 EST 2009 x86_64 x86_64
Alert Count                   30
First Seen                    Sun 22 Nov 2009 11:33:30 AM GMT
Last Seen                     Sun 29 Nov 2009 10:42:34 AM GMT
Local ID                      3f3896fb-4f17-4b2c-b276-038ede6488fa
Line Numbers

Raw Audit Messages

node=Mexican type=AVC msg=audit(1259491354.745:33799): avc:  denied  {
search } for  pid=2090 comm="gdm-session-wor" name="ja" dev=dm-2 ino=57347
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:file_t:s0 tclass=dir

node=Mexican type=SYSCALL msg=audit(1259491354.745:33799): arch=c000003e
syscall=4 success=yes exit=73014444160 a0=7ebff0 a1=7fffbd93d460
a2=7fffbd93d460 a3=1 items=0 ppid=2072 pid=2090 auid=500 uid=500 gid=500
euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1
comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20091208/2c09016f/attachment-0001.htm>

More information about the fedora-list mailing list