Hello All,
I have a NTFS partition mounted by fstab at boot time on my F11 system. Recently I have been getting screeds and screeds of AVCs each time updatedb runs (daily) - See below for an example.
A bit of googling revealed Bug 549602 https://bugzilla.redhat.com/show_bug.cgi?id=549602 which seems similar.
Although fixed, it relates to F12. Unless I have missed something (quite probable) I can't see a similar fix for F11.
My questions are therefore: 1) Is there a similar fix for F11? 2) Will that solve my problem? 3) If not, what should I do?
I am running: selinux-policy-targeted-3.6.12-92.fc11.noarch selinux-policy-3.6.12-92.fc11.noarch
Thanks in advance
Mark
======================8<=================================================
Summary:
SELinux is preventing updatedb (locate_t) "read" fusefs_t.
Detailed Description:
SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context system_u:system_r:locate_t:s0-s0:c0.c1023 Target Context system_u:object_r:fusefs_t:s0 Target Objects /mnt/ntfs/Users/Mark/Cookies [ lnk_file ] Source updatedb Source Path /usr/bin/updatedb Port <Unknown> Host localhost.localdomain Source RPM Packages mlocate-0.22-1 Target RPM Packages Policy RPM selinux-policy-3.6.12-92.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30.10-105.fc11.i686.PAE #1 SMP Thu Dec 24 16:41:17 UTC 2009 i686 i686 Alert Count 3 First Seen Mon 11 Jan 2010 09:22:03 GMT Last Seen Wed 13 Jan 2010 08:27:02 GMT Local ID f5c7a401-052c-4149-b79c-d5bef7725b9d Line Numbers
Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1263371222.110:58): avc: denied { read } for pid=4574 comm="updatedb" name="Cookies" dev=sda3 ino=86736 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
node=localhost.localdomain type=SYSCALL msg=audit(1263371222.110:58): arch=40000003 syscall=12 success=no exit=-13 a0=8e1e6f9 a1=bfcd3510 a2=bfcd36f4 a3=bfcd3510 items=0 ppid=4568 pid=4574 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)
On 01/13/2010 02:42 PM, Arthur Dent wrote:
Hello All,
I have a NTFS partition mounted by fstab at boot time on my F11 system. Recently I have been getting screeds and screeds of AVCs each time updatedb runs (daily) - See below for an example.
A bit of googling revealed Bug 549602 https://bugzilla.redhat.com/show_bug.cgi?id=549602 which seems similar.
Although fixed, it relates to F12. Unless I have missed something (quite probable) I can't see a similar fix for F11.
My questions are therefore:
- Is there a similar fix for F11?
Not yet.
- Will that solve my problem?
- If not, what should I do?
You can add these rules for now using
# grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
I am running: selinux-policy-targeted-3.6.12-92.fc11.noarch selinux-policy-3.6.12-92.fc11.noarch
Thanks in advance
Mark
======================8<=================================================
Summary:
SELinux is preventing updatedb (locate_t) "read" fusefs_t.
Detailed Description:
SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context system_u:system_r:locate_t:s0-s0:c0.c1023 Target Context system_u:object_r:fusefs_t:s0 Target Objects /mnt/ntfs/Users/Mark/Cookies [ lnk_file ] Source updatedb Source Path /usr/bin/updatedb Port<Unknown> Host localhost.localdomain Source RPM Packages mlocate-0.22-1 Target RPM Packages Policy RPM selinux-policy-3.6.12-92.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30.10-105.fc11.i686.PAE #1 SMP Thu Dec 24 16:41:17 UTC 2009 i686 i686 Alert Count 3 First Seen Mon 11 Jan 2010 09:22:03 GMT Last Seen Wed 13 Jan 2010 08:27:02 GMT Local ID f5c7a401-052c-4149-b79c-d5bef7725b9d Line Numbers
Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1263371222.110:58): avc: denied { read } for pid=4574 comm="updatedb" name="Cookies" dev=sda3 ino=86736 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
node=localhost.localdomain type=SYSCALL msg=audit(1263371222.110:58): arch=40000003 syscall=12 success=no exit=-13 a0=8e1e6f9 a1=bfcd3510 a2=bfcd36f4 a3=bfcd3510 items=0 ppid=4568 pid=4574 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 01/13/2010 08:42 AM, Arthur Dent wrote:
Hello All,
I have a NTFS partition mounted by fstab at boot time on my F11 system. Recently I have been getting screeds and screeds of AVCs each time updatedb runs (daily) - See below for an example.
A bit of googling revealed Bug 549602 https://bugzilla.redhat.com/show_bug.cgi?id=549602 which seems similar.
Although fixed, it relates to F12. Unless I have missed something (quite probable) I can't see a similar fix for F11.
My questions are therefore:
- Is there a similar fix for F11?
- Will that solve my problem?
- If not, what should I do?
I am running: selinux-policy-targeted-3.6.12-92.fc11.noarch selinux-policy-3.6.12-92.fc11.noarch
Thanks in advance
Mark
======================8<=================================================
Summary:
SELinux is preventing updatedb (locate_t) "read" fusefs_t.
Detailed Description:
SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context system_u:system_r:locate_t:s0-s0:c0.c1023 Target Context system_u:object_r:fusefs_t:s0 Target Objects /mnt/ntfs/Users/Mark/Cookies [ lnk_file ] Source updatedb Source Path /usr/bin/updatedb Port <Unknown> Host localhost.localdomain Source RPM Packages mlocate-0.22-1 Target RPM Packages Policy RPM selinux-policy-3.6.12-92.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30.10-105.fc11.i686.PAE #1 SMP Thu Dec 24 16:41:17 UTC 2009 i686 i686 Alert Count 3 First Seen Mon 11 Jan 2010 09:22:03 GMT Last Seen Wed 13 Jan 2010 08:27:02 GMT Local ID f5c7a401-052c-4149-b79c-d5bef7725b9d Line Numbers
Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1263371222.110:58): avc: denied { read } for pid=4574 comm="updatedb" name="Cookies" dev=sda3 ino=86736 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
node=localhost.localdomain type=SYSCALL msg=audit(1263371222.110:58): arch=40000003 syscall=12 success=no exit=-13 a0=8e1e6f9 a1=bfcd3510 a2=bfcd36f4 a3=bfcd3510 items=0 ppid=4568 pid=4574 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes reopen that bug for F11 and request a fix.
On Wed, Jan 13, 2010 at 22:37:22 +0000, Arthur Dent misc.lists@blueyonder.co.uk wrote:
On Wed, 2010-01-13 at 12:41 -0500, Daniel J Walsh wrote:
On 01/13/2010 08:42 AM, Arthur Dent wrote:
[Snip...]
Yes reopen that bug for F11 and request a fix.
Is adding a comment to the closed bug sufficient to re-open it or do I need to create a new Bugzilla?
Adding a comment is orthogonal to reopening. If you are the reporter or have appropriate bugzilla rights you can change the status back to open and then save the change.
selinux@lists.fedoraproject.org