unlabeled_t types for files

Thu Oct 18 19:36:07 UTC 2012

Hi Stephen,

In the dmesg output we see the following selinux messages.

SELinux:  Initializing.
SELinux:  Starting in permissive mode
SELinux:  Registering netfilter hooks
dracut: Loading SELinux policy
SELinux: 2048 avtab hash slots, 374087 rules.
SELinux: 2048 avtab hash slots, 374087 rules.
SELinux:  11 users, 12 roles, 3762 types, 180 bools, 1 sens, 1024 cats
SELinux:  81 classes, 374087 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev sda2, type ext4), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
SELinux: initialized (dev securityfs, type securityfs), uses genfs_contexts
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses transition SIDs
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses
genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev devtmpfs, type devtmpfs), uses transition SIDs
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
SELinux: initialized (dev sda1, type ext4), uses xattr
SELinux: initialized (dev sda6, type ext4), uses xattr
SELinux: initialized (dev sda3, type ext4), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses
genfs_contexts
SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling

Thanks,
Anamitra

On 10/18/12 12:31 PM, "Stephen Smalley" <sds at tycho.nsa.gov> wrote:

>On 10/18/2012 03:27 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>> Hi Stephen,
>>
>> Here is the AVC message from the audit logs
>>
>> type=AVC msg=audit(1350688637.763:50803): avc:  denied  { relabelfrom }
>> for  pid=32717 comm="mount" scontext=system_u:system_r:mount_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
>> type=SYSCALL msg=audit(1350688637.763:50803): arch=c000003e syscall=165
>> success=yes exit=0 a0=7facda9323f0 a1=7facda9322f0 a2=7facda932410
>> a3=ffffffffc0ed0000 items=1 ppid=32716 pid=32717 auid=4294967295 uid=0
>> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
>> ses=4294967295 comm="mount" exe="/bin/mount"
>> subj=system_u:system_r:mount_t:s0 key=(null)
>> type=CWD msg=audit(1350688637.763:50803):  cwd="/"
>> type=PATH msg=audit(1350688637.763:50803): item=0
>> name="/var/log/ramfs/cm/trace/ccm/sdi" inode=3154284 dev=08:02
>>mode=040755
>> ouid=513 ogid=506 rdev=00:00 obj=system_u:object_r:var_log_t:s0
>
>Look for SELinux: messages in dmesg output or /var/log/messages that say
>"not configured for labeling".  Or tell us what filesystem type you have
>mounted on /var/log/ramfs.  Do you have a context= or fscontext= mount
>option in your /etc/fstab or wherever you specify the filesystem mount
>information?
>
>
>