recently-used.xbel wrong context

Trevor Hemsley trevor.hemsley at ntlworld.com
Sat Feb 19 18:18:39 UTC 2011


Hi

I'm running Centos 5.5 with all the most recent patches applied and am 
seeing a strange problem with a file in my home directory called 
.recently-used.xbel. It keeps getting the wrong selinux context assigned 
to it though I have no idea what is changing it or when.

[trevor at trevor4 ]$ ls -aZl ~/.recently-used.xbel
-rw-rw-r-- 1 user_u:object_r:user_home_dir_t  trevor trevor 148481 Feb 
18 20:22 /home/trevor/.recently-used.xbel
[trevor at trevor4 ]$ chcon --reference=/home/trevor/.recently-used 
~/.recently-used.xbel
[trevor at trevor4 ]$ ls -aZl ~/.recently-used.xbel
-rw-rw-r-- 1 user_u:object_r:user_home_t      trevor trevor 148481 Feb 
18 20:22 /home/trevor/.recently-used.xbel

It's a file not a directory yet it is being labelled as home_dir_t not 
home_t and this causes avc messages. I change it back using the chcon 
command above and it stays that way for a while and a few 
days/hour/weeks later, it comes back as home_dir_t again. I'm not sure 
what it is that triggers the re-mislabelling but I do know that I 
'fixed' this via chcon about a week ago and now it's back again and it's 
not the first time that this has happened. Looking at these two avcs it 
would appear that I 'fixed' it shortly after the 13th and it came back 
sometime today or yesterday at a guess.

63. 13/02/11 02:12:53 smbd user_u:system_r:smbd_t:s0 4 file getattr 
user_u:object_r:user_home_dir_t:s0 denied 47358
64. 19/02/11 17:39:10 smbd user_u:system_r:smbd_t:s0 4 file getattr 
user_u:object_r:user_home_dir_t:s0 denied 54205

[root at trevor4 ~]# ausearch -i -a 54205
----
type=SYSCALL msg=audit(19/02/11 17:39:10.711:54205) : arch=x86_64 
syscall=stat success=yes exit=0 a0=7fffe6a808d0 a1=7fffe6a80000 
a2=7fffe6a80000 a3=7fffe6a804d0 items=0 ppid=2533 pid=15831 auid=trevor 
uid=trevor gid=root euid=trevor suid=root fsuid=trevor egid=trevor 
sgid=root fsgid=trevor tty=(none) ses=2 comm=smbd exe=/usr/sbin/smbd 
subj=user_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(19/02/11 17:39:10.711:54205) : avc:  denied  { 
getattr } for  pid=15831 comm=smbd path=/home/trevor/.recently-used.xbel 
dev=dm-5 ino=10453859 scontext=user_u:system_r:smbd_t:s0 
tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file

I haven't run a relabel of my system recently and even if I had it 
hasn't been since the machine was last rebooted..

[root at trevor4 ~]# uptime
 18:10:11 up 52 days,  7:58, 15 users,  load average: 0.43, 0.43, 0.25
[root at trevor4 ~]#

[trevor at trevor4 ~]$ rpm -q selinux-policy
selinux-policy-2.4.6-279.el5_5.2

Anyone got any ideas what could be causing this? I can't see anything in 
semanage fcontext that could be doing it...

[root at trevor4 ~]# semanage fcontext -l | grep home
/usr/sbin/genhomedircon                            regular file       
system_u:object_r:semanage_exec_t:s0
/usr/lib/oddjob/mkhomedir                          regular file       
system_u:object_r:oddjob_mkhomedir_exec_t:s0

Yours
Baffled of Brighton :)




More information about the selinux mailing list