-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/28/2011 10:56 AM, Tony Molloy wrote:
On Tuesday 27 September 2011 19:17:17 Daniel J Walsh wrote:
> On 09/27/2011 11:26 AM, Tony Molloy wrote:
>> On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
>>> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
>>>> Hi,
>>>>
>>>> On a fully updated CentOS 5.7 box I get the following AVC
>>>> SELinux is preventing unix_update (updpwd_t) "getattr" to
>>>> /
>>>> (fs_t).
>>>>
>>>> Raw Audit Message
>>>>
>>>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:
>>>> denied
>>>>
>>>> { getattr } for pid=21354 comm="unix_update"
name="/"
>>>> dev=sda5
>>>>
>>>> ino=2 scontext=system_u:system_r:updpwd_t:s0
>>>>
>>>> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
>>>>
>>>>
> Probably has to do with the way the mount table is setup on this
> machine versus other machines.
Now I've just noticed some other SElinux problems on this machine.
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 24 13:25:24 garryowen ssh:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /home/[^/]*/.+.
Sep 24 13:25:24 garryowen ssh:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /home/[^/]*/.virtinst(/.*)?.
.....
Now some time ago I moved some test mail accounts on this machine
from /users to /home and ran genhomedircon.
There is a file in /etc/selinux/targeted/contexts/files/ called
file_contexts.homedirs, generated by genhomedircon, which contains
context information for /home.
Could this multiple definitions be the root cause of the problem
Should I remove this file and autorelabel the entire filesystem
again.
Thanks,
Tony
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
No
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk6DQbQACgkQrlYvE4MpobPAvgCcCCEhB1N2ce1LCaStIc7vE6KZ
lMAAnjtwrA+4FDguLnTsyFwZZ9YmrKes
=tT5S
-----END PGP SIGNATURE-----