SELinux is preventing access to files with the label, file_t.
Antonio Olivares
olivares14031 at yahoo.com
Tue Mar 4 20:36:57 UTC 2008
--- Andrew Farris <lordmorgul at gmail.com> wrote:
> Antonio Olivares wrote:
> >>> SELinux is preventing access to files with the
> >> label,
> >>> file_t.
>
> >> Is this file being created from a virtual
> machine?
> >> How is this file
> >> getting there?
>
> In my case it is definitely not a virtual machine
> (I'm not running any on that
> box), but I'm seeing the same thing happen with a
> variety of files in /tmp.
> They all seem to be session data files of some type.
>
> I have hundreds of denials that happened with
> gconfd-2 a few days ago (socket
> files in tmp mostly). Now I see many of these
> accesses prevented to file_t.
>
> Files such as:
> ./keyring-vaxTjg
> /tmp/fahcore-iolock.txt <- I'm running folding at
> home, it is doing that
> ./kdecache-lordmorgul
> /tmp/pulse-lordmorgul/pid
> /tmp/banshee-NDesk.DBus.Bus.txt
> /tmp/gnome-system-monitor.lordmorgul.777456431
> ./virtual-lordmorgul.4FvBXq
> ./.esd-500
> ./fah
> ./virtual-lordmorgul.xxxxx/
>
> And more. These are all accesses denied to
> /usr/sbin/tmpwatch, files (normal
> and sockets) and directories all labeled file_t.
>
> This list is about a third of the denials I've seen
> pop up just this morning.
> I've seen this occurring for several days (if not
> more than a week) just have
> not dealt with it yet. The issue is probably not a
> very recent change. I've
> had several relabels, new kernels, and new policy
> while seeing this same issue,
> many denials to /usr/bin/tmpwatch for file_t.
>
> --
> Andrew Farris <lordmorgul at gmail.com>
> www.lordmorgul.net
> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF
> 707E A2E0 F0F6 E622 C99B 1DF3
> No one now has, and no one will ever again get, the
> big picture. - Daniel Geer
> ----
> ----
>
> --
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe:
>
https://www.redhat.com/mailman/listinfo/fedora-test-list
>
Great to hear that Andrew, I thought I was the only
one experiencing this kind of denials with the file_t.
I have done touch ./autorelabel; reboot several times
already and that is why I submit the setroubleshoot
complaints.
Regards,
Antonio
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
More information about the fedora-test-list
mailing list