SELinux is preventing access to files with the label, file_t.
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 4 22:06:26 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> --- Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> Antonio Olivares wrote:
>>>> --- Andrew Farris <lordmorgul at gmail.com> wrote:
>>>>
>>>>> Antonio Olivares wrote:
>>>>>>>> SELinux is preventing access to files with the
>>>>>>> label,
>>>>>>>> file_t.
>>>>>>> Is this file being created from a virtual
>>>>> machine?
>>>>>>> How is this file
>>>>>>> getting there?
>>>>> In my case it is definitely not a virtual machine
>>>>> (I'm not running any on that
>>>>> box), but I'm seeing the same thing happen with a
>>>>> variety of files in /tmp.
>>>>> They all seem to be session data files of some
> type.
>>>>> I have hundreds of denials that happened with
>>>>> gconfd-2 a few days ago (socket
>>>>> files in tmp mostly). Now I see many of these
>>>>> accesses prevented to file_t.
>>>>>
>>>>> Files such as:
>>>>> ./keyring-vaxTjg
>>>>> /tmp/fahcore-iolock.txt <- I'm running folding
> at
>>>>> home, it is doing that
>>>>> ./kdecache-lordmorgul
>>>>> /tmp/pulse-lordmorgul/pid
>>>>> /tmp/banshee-NDesk.DBus.Bus.txt
>>>>> /tmp/gnome-system-monitor.lordmorgul.777456431
>>>>> ./virtual-lordmorgul.4FvBXq
>>>>> ./.esd-500
>>>>> ./fah
>>>>> ./virtual-lordmorgul.xxxxx/
>>>>>
>>>>> And more. These are all accesses denied to
>>>>> /usr/sbin/tmpwatch, files (normal
>>>>> and sockets) and directories all labeled file_t.
>>>>>
>>>>> This list is about a third of the denials I've
> seen
>>>>> pop up just this morning.
>>>>> I've seen this occurring for several days (if not
>>>>> more than a week) just have
>>>>> not dealt with it yet. The issue is probably not
> a
>>>>> very recent change. I've
>>>>> had several relabels, new kernels, and new policy
>>>>> while seeing this same issue,
>>>>> many denials to /usr/bin/tmpwatch for file_t.
>>>>>
>>>>> --
>>>>> Andrew Farris <lordmorgul at gmail.com>
>>>>> www.lordmorgul.net
>>>>> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF
>>>>> 707E A2E0 F0F6 E622 C99B 1DF3
>>>>> No one now has, and no one will ever again get,
> the
>>>>> big picture. - Daniel Geer
>>>>> ----
>
>>>>> ----
>>>>>
>>>>> --
>>>>> fedora-test-list mailing list
>>>>> fedora-test-list at redhat.com
>>>>> To unsubscribe:
>>>>>
>> https://www.redhat.com/mailman/listinfo/fedora-test-list
>>>> Great to hear that Andrew, I thought I was the
> only
>>>> one experiencing this kind of denials with the
> file_t.
>>>> I have done touch ./autorelabel; reboot several
> times
>>>> already and that is why I submit the
> setroubleshoot
>>>> complaints.
>>>>
>>>> Regards,
>>>>
>>>> Antonio
>>>>
>>>>
>>>>
>> ____________________________________________________________________________________
>>>> Never miss a thing. Make Yahoo your home page.
>>>> http://www.yahoo.com/r/hs
>>>>
> Can you just delete these files from /tmp/
>
> They may have been there before the relabel.
>
> restorecon and fixfiles do not touch certain
> directories /tmp being one
> of them.
>
>> Do I remove everything from /tmp/?
>
>> Is there a nice script that can do the job?
>
I use tmpfs for /tmp. So mine dissapears every time I reboot.
rm -rf /tmp/*
rm -rf /tmp/.??*
Should get rid of almost everything.
>> Thanks,
>
>> Antonio
>>
- --
fedora-test-list mailing list
fedora-test-list at redhat.com
To unsubscribe:
>>
> https://www.redhat.com/mailman/listinfo/fedora-test-list
> ____________________________________________________________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfNx+IACgkQrlYvE4MpobOA2QCgsdKRLP0QsnWvzP+7Uot8B3pB
f0UAoJsbiCUrQu1iNhyEQnfPK0KBqYHe
=qB22
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list