F13: SELinux is preventing /usr/bin/updatedb "read" access on My Documents

Dominick Grift domg472 at gmail.com
Fri Oct 1 14:43:50 UTC 2010


On Fri, Oct 01, 2010 at 07:32:51AM -0700, Dan Thurman wrote:
> I get this often too, how to fix?

You can use audit2allow to allow this.

There's a bug in the files_list_all interface.
It should include access to read file_type:lnk_files.

allow $1 file_type:lnk_file read_lnk_file_perms;

> 
> ====================================================================
> Summary:
> 
> SELinux is preventing /usr/bin/updatedb "read" access on My Documents.
> 
> Detailed Description:
> 
> SELinux denied access requested by updatedb. It is not expected that this access
> is required by updatedb and this access may signal an intrusion attempt. It is
> also possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
> 
> Additional Information:
> 
> Source Context                system_u:system_r:locate_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:samba_share_t:s0
> Target Objects                My Documents [ lnk_file ]
> Source                        updatedb
> Source Path                   /usr/bin/updatedb
> Port                          <Unknown>
> Host                          host.domain.com
> Source RPM Packages           mlocate-0.22.4-1.fc13
> Target RPM Packages
> Policy RPM                    selinux-policy-3.7.19-57.fc13
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     host.domain.com
> Platform                      Linux host.domain.com 2.6.34.6-54.fc13.i686 #1 SMP
>                               Sun Sep 5 17:52:31 UTC 2010 i686 i686
> Alert Count                   130
> First Seen                    Thu 30 Sep 2010 03:43:09 AM PDT
> Last Seen                     Fri 01 Oct 2010 03:37:52 AM PDT
> Local ID                      4ee4e27f-095e-4186-a718-dfeb6cb22169
> Line Numbers
> 
> Raw Audit Messages
> 
> node=host.domain.com type=AVC msg=audit(1285929472.607:103678): avc:
> denied  { read } for  pid=22716 comm="updatedb"
> name=4D7920446F63756D656E7473 dev=sdc3 ino=83907
> scontext=system_u:system_r:locate_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:samba_share_t:s0 tclass=lnk_file
> 
> node=host.domain.com type=SYSCALL msg=audit(1285929472.607:103678):
> arch=40000003 syscall=12 success=no exit=-13 a0=9e9c8f9 a1=bfe5b6f0
> a2=bfe5b8e4 a3=bfe5b6f0 items=0 ppid=22709 pid=22716 auid=0 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6602
> comm="updatedb" exe="/usr/bin/updatedb"
> subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)
> 
> 
More information about the selinux mailing list
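
Added example, not part of the original thread and not audit2allow's own code: a small parser for the AVC record quoted above that decodes the hex-encoded `name=` field and derives the narrow local allow rule the denial corresponds to. The sample record is the quoted one joined onto a single line; the function names are hypothetical.

```python
import re

# Constructed sample: the AVC record from the quoted report, joined onto one line.
AVC = ('node=host.domain.com type=AVC msg=audit(1285929472.607:103678): avc:  '
       'denied  { read } for  pid=22716 comm="updatedb" '
       'name=4D7920446F63756D656E7473 dev=sdc3 ino=83907 '
       'scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:samba_share_t:s0 tclass=lnk_file')


def decode_name(value):
    """Plain names are quoted; names with spaces or control chars are
    logged unquoted as hex, so an unquoted all-hex value is decoded."""
    if value.startswith('"'):
        return value.strip('"')
    if len(value) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace')
    return value


def parse_avc(line):
    """Extract the permission set, object name, types and class."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if not m:
        raise ValueError('not an AVC denial')
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return {
        'perms': m.group(1).split(),
        'comm': decode_name(fields['comm']),
        'name': decode_name(fields.get('name', '')),
        # A context is user:role:type:level; the type is the third field.
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }


def allow_rule(avc):
    """Build the type-enforcement rule covering exactly this denial."""
    perms = avc['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return (f"allow {avc['source_type']} {avc['target_type']}:"
            f"{avc['tclass']} {perm_str};")


if __name__ == '__main__':
    record = parse_avc(AVC)
    print(record['name'])
    print(allow_rule(record))
```

The derived rule covers only `samba_share_t` symlinks, whereas the interface change proposed in the reply applies to every `file_type`.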