Re: updpwd AVC

On Tuesday 27 September 2011 19:17:17 Daniel J Walsh wrote: > On 09/27/2011 11:26 AM, Tony Molloy wrote: >> On Monday 26 September 2011 22:22:31 Dominick Grift wrote: >>> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote: >>>> Hi, >>>> >>>> On a fully updated CentOS 5.7 box I get the following AVC >>>> SELinux is preventing unix_update (updpwd_t) "getattr" to >>>> / >>>> (fs_t). >>>> >>>> Raw Audit Message >>>> >>>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc: >>>> denied >>>> >>>> { getattr } for pid=21354 comm="unix_update" name="/" >>>> dev=sda5 >>>> >>>> ino=2 scontext=system_u:system_r:updpwd_t:s0 >>>> >>>> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem >>>> >>>> > Probably has to do with the way the mount table is setup on this > machine versus other machines. Now I've just noticed some other SElinux problems on this machine. Unusual System Events =-=-=-=-=-=-=-=-=-=-= Sep 24 13:25:24 garryowen ssh: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /home/[^/]*/.+. Sep 24 13:25:24 garryowen ssh: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /home/[^/]*/.virtinst(/.*)?. ..... Now some time ago I moved some test mail accounts on this machine from /users to /home and ran genhomedircon. There is a file in /etc/selinux/targeted/contexts/files/ called file_contexts.homedirs, generated by genhomedircon, which contains context information for /home. Could this multiple definitions be the root cause of the problem Should I remove this file and autorelabel the entire filesystem again. Thanks, Tony -- selinux mailing list selinux(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6DQbQACgkQrlYvE4MpobPAvgCcCCEhB1N2ce1LCaStIc7vE6KZ lMAAnjtwrA+4FDguLnTsyFwZZ9YmrKes =tT5S -----END PGP SIGNATURE-----