Sažetak:

SELinux is preventing firefox-bin from creating a file with a context of
unlabeled_t on a filesystem.

Detaljan opis:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux is preventing firefox-bin from creating a file with a context of
unlabeled_t on a filesystem. Usually this happens when you ask the cp command to
maintain the context of a file when copying between file systems, "cp -a" for
example. Not all file contexts should be maintained between the file systems.
For example, a read-only file type like iso9660_t should not be placed on a r/w
system. "cp -P" might be a better solution, as this will adopt the default file
context for the destination.

Dopuštanje pristupa:

Use a command like "cp -P" to preserve all permissions except SELinux context.

Dodatni podaci:

Izvorni kontekst              unconfined_u:object_r:unlabeled_t:s0
Ciljani kontekst              system_u:object_r:fs_t:s0
Ciljani objekti               3DDCC898d01 [ filesystem ]
Source                        firefox-bin
Source Path                   /usr/lib/firefox-2.0.0.12/firefox-bin
Port                          <Nepoznato>
Host                          valent.oswireless
Source RPM Packages           firefox-2.0.0.12-1.fc8
Target RPM Packages           
RPM pravila                   selinux-policy-3.0.8-93.fc8
Selinux je omogućen          True
Vrsta pravila                 targeted
MLS je omogućen              True
Način prisile                Permissive
Naziv dodatka                 filesystem_associate
Naziv računala               valent.oswireless
Platforma                     Linux valent.oswireless 2.6.24.3-34.fc8 #1 SMP Wed
                              Mar 12 18:17:20 EDT 2008 i686 i686
Broj uzbuna                   1
First Seen                    Pon 17 Ožu 2008 09:27:46
Last Seen                     Pon 17 Ožu 2008 09:27:46
Local ID                      c113f600-d8da-4a9f-b326-beea0f74f0cf
Brojevi redaka                

Sirova poruke revizije        

host=valent.oswireless type=AVC msg=audit(1205742466.406:38): avc:  denied  { associate } for  pid=2996 comm="firefox-bin" name="3DDCC898d01" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem

host=valent.oswireless type=SYSCALL msg=audit(1205742466.406:38): arch=40000003 syscall=5 success=yes exit=56 a0=bc34720 a1=8042 a2=180 a3=8042 items=0 ppid=2991 pid=2996 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-2.0.0.12/firefox-bin" subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)