SELinux denial - F12

Kurian Thayil kurianmthayil at gmail.com
Sun Dec 27 13:35:50 UTC 2009


ha.. the answer was in the question itself then!!! thanks for pointing
it out.. i ll try tat..

On 12/27/09, Andrew Haley <aph at redhat.com> wrote:
> On 12/27/2009 07:20 AM, Kurian Thayil wrote:
>> Hi,
>>
>> Installed F12 and did a security update. Now, I get SELinux denial error.
>> SELinux currently in permissive mode.
>>
>> Summary:
>>
>> SELinux is preventing access to files with the label, file_t.
>>
>> Detailed Description:
>>
>> SELinux permission checks on files labeled file_t are being denied. file_t
>> is
>> the context the SELinux kernel gives to files that do not have a label.
>> This
>> indicates a serious labeling problem. No files on an SELinux box should
>> ever be
>> labeled file_t. If you have just added a new disk drive to the system you
>> can
>> relabel it using the restorecon command. Otherwise you should relabel the
>> entire
>> file system.
>>
>> Allowing Access:
>>
>> You can execute the following command as root to relabel your computer
>> system:
>> "touch /.autorelabel; reboot"
>>
>> Additional Information:
>>
>> Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
>> Target Context                system_u:object_r:file_t:s0
>> Target Objects                /home [ dir ]
>> Source                        gdm-simple-gree
>> Source Path                   /usr/libexec/gdm-simple-greeter
>> Port                          <Unknown>
>> Host                          home-desktop
>> Source RPM Packages           gdm-2.28.1-24.fc12
>> Target RPM Packages           filesystem-2.4.30-2.fc12
>> Policy RPM                    selinux-policy-3.6.32-41.fc12
>> Selinux Enabled               True
>> Policy Type                   targeted
>> MLS Enabled                   True
>> Enforcing Mode                Enforcing
>> Plugin Name                   file
>> Host Name                     home-desktop
>> Platform                      Linux home-desktop
>> 2.6.31.5-127.fc12.i686.PAE #1
>>                               SMP Sat Nov 7 21:25:57 EST 2009 i686 i686
>> Alert Count                   1
>> First Seen                    Thu 24 Dec 2009 02:30:08 AM IST
>> Last Seen                     Thu 24 Dec 2009 02:30:08 AM IST
>> Local ID                      6b1ff85c-05fe-4d37-945b-6cd2d54b92fa
>> Line Numbers
>>
>> Raw Audit Messages
>>
>> node=home-desktop type=AVC msg=audit(1261602008.595:11510): avc:  denied
>> {
>> search } for  pid=1357 comm="gdm-simple-gree" name="/" dev=sda2 ino=2
>> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>
>> node=home-desktop type=SYSCALL msg=audit(1261602008.595:11510):
>> arch=40000003
>> syscall=292 success=no exit=-13 a0=12 a1=8d6f400 a2=1002fce a3=8d6ec48
>> items=0
>> ppid=1325 pid=1357 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42
>>
>> egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295
>> comm="gdm-simple-gree"
>> exe="/usr/libexec/gdm-simple-greeter" subj=system_u:system_r:xdm_t:s0-
>> s0:c0.c1023 key=(null)
>>
>> Any idea why this happened after the update? What could be done to prevent
>>
>> this. I am quite a newbie in SELinux scenario. Does, restorecon command
>> fix
>> (restorecon /usr/libexec/gdm-simple-greeter)?
>
> Files in your homedir are mis-labelled.  The easiest way to fix it is to
>
>> You can execute the following command as root to relabel your computer
>> system:
>> "touch /.autorelabel; reboot"
>
> Andrew.
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>




More information about the fedora-list mailing list