SELinux is preventing access to files with the label, file_t.

Antonio Olivares olivares14031 at yahoo.com
Mon Mar 3 22:05:40 UTC 2008 

Dear all, 

I have done this before :

"touch /.autorelabel; reboot"

several days pass and I see this file_t again and I
have to do "in quote" this again .  What is file_t
anyway?  
I do not know of any in my system.  

Thanks,

Antonio 

Summary:

SELinux is preventing access to files with the label,
file_t.

Detailed Description:

SELinux permission checks on files labeled file_t are
being denied. file_t is
the context the SELinux kernel gives to files that do
not have a label. This
indicates a serious labeling problem. No files on an
SELinux box should ever be
labeled file_t. If you have just added a new disk
drive to the system you can
relabel it using the restorecon command. Otherwise you
should relabel the entire
files system.

Allowing Access:

You can execute the following command as root to
relabel your computer system:
"touch /.autorelabel; reboot"

Additional Information:

Source Context               
system_u:system_r:tmpreaper_t
Target Context                system_u:object_r:file_t
Target Objects               
./virtual-olivares.1dNZIJ [ dir ]
Source                        tmpwatch
Source Path                   /usr/sbin/tmpwatch
Port                          <Unknown>
Host                          localhost
Source RPM Packages           tmpwatch-2.9.13-2
Target RPM Packages           
Policy RPM                   
selinux-policy-3.3.1-9.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   file
Host Name                     localhost
Platform                      Linux localhost
2.6.25-0.80.rc3.git2.fc9 #1 SMP
                              Fri Feb 29 18:17:34 EST
2008 i686 athlon
Alert Count                   1
First Seen                    Mon 03 Mar 2008 10:01:18
AM CST
Last Seen                     Mon 03 Mar 2008 10:01:18
AM CST
Local ID                     
08676827-232c-4027-aa44-9431e45d6d53
Line Numbers                  

Raw Audit Messages            

host=localhost type=AVC msg=audit(1204560078.2:50):
avc:  denied  { rmdir } for  pid=32386 comm="tmpwatch"
name="virtual-olivares.1dNZIJ" dev=dm-0 ino=31391789
scontext=system_u:system_r:tmpreaper_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir

host=localhost type=SYSCALL
msg=audit(1204560078.2:50): arch=40000003 syscall=40
success=no exit=-13 a0=960ec33 a1=28 a2=960f1a0
a3=960ec33 items=0 ppid=32384 pid=32386
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="tmpwatch" exe="/usr/sbin/tmpwatch"
subj=system_u:system_r:tmpreaper_t:s0 key=(null)





      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

More information about the fedora-selinux-list mailing list