gconf-2 creating > unlabelled_t files
Frank Murphy
frankly3d at gmail.com
Wed Jul 2 12:40:14 UTC 2008
Do I run "cp -P /usr/libexec/gconfd-2"
-----------------------------------------------------
Summary:
SELinux is preventing gconfd-2 from creating a file with a context of
unlabeled_t on a filesystem.
Detailed Description:
SELinux is preventing gconfd-2 from creating a file with a context of
unlabeled_t on a filesystem. Usually this happens when you ask the cp command to
maintain the context of a file when copying between file systems, "cp -a" for
example. Not all file contexts should be maintained between the file systems.
For example, a read-only file type like iso9660_t should not be placed on a r/w
system. "cp -P" might be a better solution, as this will adopt the default file
context for the destination.
Allowing Access:
Use a command like "cp -P" to preserve all permissions except SELinux context.
Additional Information:
Source Context unconfined_u:object_r:unlabeled_t:s0
Target Context system_u:object_r:fs_t:s0
Target Objects .testing.writeability [ filesystem ]
Source gconfd-2
Source Path /usr/libexec/gconfd-2
Port <Unknown>
Host frank-03
Source RPM Packages GConf2-2.22.0-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-72.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name filesystem_associate
Host Name frank-03
Platform Linux frank-03 2.6.25.6-55.fc9.i686 #1 SMP Tue Jun
10 16:27:49 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 02 Jul 2008 12:06:53 IST
Last Seen Wed 02 Jul 2008 12:06:53 IST
Local ID 9af5a524-6e39-40da-a8f0-146b28ebee10
Line Numbers
Raw Audit Messages
host=frank-03 type=AVC msg=audit(1214996813.541:52): avc: denied {
associate } for pid=9827 comm="gconfd-2" name=".testing.writeability"
scontext=unconfined_u:object_r:unlabeled_t:s0
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
host=frank-03 type=SYSCALL msg=audit(1214996813.541:52): arch=40000003
syscall=5 success=no exit=-13 a0=8652d18 a1=41 a2=1c0 a3=8652d18
items=0 ppid=1 pid=9827 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gconfd-2"
exe="/usr/libexec/gconfd-2"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
More information about the fedora-selinux-list
mailing list