updatedb (locate_t) "read" fusefs_t.

Arthur Dent misc.lists at blueyonder.co.uk
Wed Jan 13 13:42:30 UTC 2010


Hello All,

I have a NTFS partition mounted by fstab at boot time on my F11 system.
Recently I have been getting screeds and screeds of AVCs each time
updatedb runs (daily) - See below for an example.

A bit of googling revealed Bug 549602
https://bugzilla.redhat.com/show_bug.cgi?id=549602 which seems similar. 

Although fixed, it relates to F12. Unless I have missed something (quite
probable) I can't see a similar fix for F11.

My questions are therefore:
1) Is there a similar fix for F11?
2) Will that solve my problem?
3) If not, what should I do?

I am running:
selinux-policy-targeted-3.6.12-92.fc11.noarch
selinux-policy-3.6.12-92.fc11.noarch

Thanks in advance

Mark

======================8<=================================================


Summary:

SELinux is preventing updatedb (locate_t) "read" fusefs_t.

Detailed Description:

SELinux denied access requested by updatedb. It is not expected that this access
is required by updatedb and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:locate_t:s0-s0:c0.c1023
Target Context                system_u:object_r:fusefs_t:s0
Target Objects                /mnt/ntfs/Users/Mark/Cookies [ lnk_file ]
Source                        updatedb
Source Path                   /usr/bin/updatedb
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           mlocate-0.22-1
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-92.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.30.10-105.fc11.i686.PAE #1 SMP Thu Dec 24
                              16:41:17 UTC 2009 i686 i686
Alert Count                   3
First Seen                    Mon 11 Jan 2010 09:22:03 GMT
Last Seen                     Wed 13 Jan 2010 08:27:02 GMT
Local ID                      f5c7a401-052c-4149-b79c-d5bef7725b9d
Line Numbers                  

Raw Audit Messages            

node=localhost.localdomain type=AVC msg=audit(1263371222.110:58): avc:  denied  { read } for  pid=4574 comm="updatedb" name="Cookies" dev=sda3 ino=86736 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file

node=localhost.localdomain type=SYSCALL msg=audit(1263371222.110:58): arch=40000003 syscall=12 success=no exit=-13 a0=8e1e6f9 a1=bfcd3510 a2=bfcd36f4 a3=bfcd3510 items=0 ppid=4568 pid=4574 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)









More information about the selinux mailing list