File Contexts error?

Hongwei Li hongwei at wustl.edu
Wed Mar 2 22:13:11 UTC 2005


Hi,

I have run up2date to update many packages of my fc3 system.  My system info:
RedHat FC3 linux, kernel 2.6.10-1.766_FC3, selinux enforced (targeted),
iptables enabled
selinux-policy-targeted:     1.17.30-2.19

Then, the root received the following mail:

Invalid File Contexts

/etc/blkid.tab
/etc/asound.state
/etc/ld.so.cache
/etc/.pwd.lock
/etc/hotplug/usb.usermap
/etc/freshclam.conf
/etc/sysconfig/firstboot
/etc/sysconfig/hwconf
/.autofsck
/.fonts.cache-1
/lost+found
/root/install.log
/root/install.log.syslog
/lib/modules/2.6.10-1.766_FC3/modules.ccwmap
/lib/modules/2.6.10-1.766_FC3/modules.alias
/lib/modules/2.6.10-1.766_FC3/modules.dep
/lib/modules/2.6.10-1.766_FC3/modules.inputmap
/lib/modules/2.6.10-1.766_FC3/modules.usbmap
/lib/modules/2.6.10-1.766_FC3/modules.isapnpmap
/lib/modules/2.6.10-1.766_FC3/modules.pcimap
/lib/modules/2.6.10-1.766_FC3/modules.ieee1394map
/lib/modules/2.6.10-1.766_FC3/modules.symbols
/lib/modules/2.6.9-1.667/modules.ccwmap
/lib/modules/2.6.9-1.667/modules.alias
/lib/modules/2.6.9-1.667/modules.dep
/lib/modules/2.6.9-1.667/modules.inputmap
/lib/modules/2.6.9-1.667/modules.usbmap
/lib/modules/2.6.9-1.667/modules.isapnpmap
/lib/modules/2.6.9-1.667/modules.pcimap
/lib/modules/2.6.9-1.667/modules.ieee1394map
/lib/modules/2.6.9-1.667/modules.symbols
/home/lost+found
/tmp/lost+found
/usr/lost+found
/var/log/rpmpkgs
/var/log/httpd/ssl_error_log
/var/log/httpd/ssl_request_log
/var/log/httpd/ssl_access_log
/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/yum.log
/var/lost+found
/var/run/utmp
/var/lib/squirrelmail/prefs/qlily.pref
/var/lib/squirrelmail/prefs/qlily.abook
/var/lib/php/session/sess_bd54786e5c301c251fd139a22c129872

I don't know which package's updating caused this problem.  Then, I ran:

# restorecon -R /etc/*
# restorecon -R /var/*
# restorecon -R /lib/*
# restorecon -R /usr/*

I got a lot of warnings about symbolic links, that's probably okay.  Now,
the problem is that the user qlily cannot login to squirrelmail.  The
error message is:

Preference file, /var/lib/squirrelmail/prefs/qlily.pref.tmp, could not be
opened. Contact your system administrator to resolve this issue.

Check the files:

# ls -lZ /var/lib/squirrelmail/prefs/qlily.*
-rw-r--r--  apache   apache   system_u:object_r:var_lib_t /var/lib/squirrelmail/prefs/qlily.abook
-rw-------  apache   apache   system_u:object_r:var_lib_t /var/lib/squirrelmail/prefs/qlily.pref
-rw-r--r--  apache   apache   system_u:object_r:var_lib_t /var/lib/squirrelmail/prefs/qlily.pref.tmp

and the log shows:

Mar  2 15:49:03 pippo kernel: audit(1109800143.922:0): avc:  denied  { write } for  pid=1458 exe=/usr/sbin/httpd name=qlily.pref.tmp dev=hda2 ino=2540354 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_lib_t tclass=file
Mar  2 15:49:03 pippo kernel: audit(1109800143.924:0): avc:  denied  { write } for  pid=1458 exe=/usr/sbin/httpd name=sess_bd54786e5c301c251fd139a22c129872 dev=hda2 ino=2540345 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_lib_t tclass=file
....

qlily is the only user I created so far in the system.  This user can
send/receive email through pine.  To test the situation, I created another
user msnet.  He can login to ssh console, but cannot login to
squirrelmail, the error message is:

You must be logged in to access this page

although the password is correct.  His pref file is:

# ls -lZ /var/lib/squirrelmail/prefs/msnet.pref
-rw-------  apache   apache   root:object_r:httpd_var_lib_t /var/lib/squirrelmail/prefs/msnet.pref

What's wrong?  Which package update caused this problem?  How do I fix the
problem?

Thanks a lot!

Hongwei Li
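
Added example, not part of the original message: a small parser that groups AVC denial lines like the two quoted above by source type, target type, class and permission, so that many denials collapse into the few distinct type pairs worth investigating. The sample log is constructed from the post's two lines with the mail wrapping removed; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the post, unwrapped onto single lines.
SAMPLE_LOG = """\
Mar  2 15:49:03 pippo kernel: audit(1109800143.922:0): avc:  denied  { write } for  pid=1458 exe=/usr/sbin/httpd name=qlily.pref.tmp dev=hda2 ino=2540354 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_lib_t tclass=file
Mar  2 15:49:03 pippo kernel: audit(1109800143.924:0): avc:  denied  { write } for  pid=1458 exe=/usr/sbin/httpd name=sess_bd54786e5c301c251fd139a22c129872 dev=hda2 ino=2540345 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_lib_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else "?"

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    if "scontext" not in rec or "tcontext" not in rec:
        return None  # truncated record, nothing to compare
    rec["perms"] = m.group("perms").split()
    rec["stype"] = ctx_type(rec["scontext"])
    rec["ttype"] = ctx_type(rec["tcontext"])
    return rec

def summarize(log_text):
    """Map (source type, target type, class, permission) -> sorted object names."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            key = (rec["stype"], rec["ttype"], rec.get("tclass", "?"), perm)
            groups[key].add(rec.get("name", "?"))
    return {key: sorted(names) for key, names in groups.items()}

if __name__ == "__main__":
    for (stype, ttype, tclass, perm), names in summarize(SAMPLE_LOG).items():
        print(f"{stype} -> {ttype}:{tclass} {{ {perm} }}  objects: {', '.join(names)}")
```

On the sample, both denials fall into a single group: httpd_t denied write on files labelled var_lib_t.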





