recently-used.xbel wrong context
Trevor Hemsley
trevor.hemsley at ntlworld.com
Sat Feb 19 18:18:39 UTC 2011
Hi
I'm running Centos 5.5 with all the most recent patches applied and am
seeing a strange problem with a file in my home directory called
.recently-used.xbel. It keeps getting the wrong selinux context assigned
to it though I have no idea what is changing it or when.
[trevor at trevor4 ]$ ls -aZl ~/.recently-used.xbel
-rw-rw-r-- 1 user_u:object_r:user_home_dir_t trevor trevor 148481 Feb
18 20:22 /home/trevor/.recently-used.xbel
[trevor at trevor4 ]$ chcon --reference=/home/trevor/.recently-used
~/.recently-used.xbel
[trevor at trevor4 ]$ ls -aZl ~/.recently-used.xbel
-rw-rw-r-- 1 user_u:object_r:user_home_t trevor trevor 148481 Feb
18 20:22 /home/trevor/.recently-used.xbel
It's a file not a directory yet it is being labelled as home_dir_t not
home_t and this causes avc messages. I change it back using the chcon
command above and it stays that way for a while and a few
days/hour/weeks later, it comes back as home_dir_t again. I'm not sure
what it is that triggers the re-mislabelling but I do know that I
'fixed' this via chcon about a week ago and now it's back again and it's
not the first time that this has happened. Looking at these two avcs it
would appear that I 'fixed' it shortly after the 13th and it came back
sometime today or yesterday at a guess.
63. 13/02/11 02:12:53 smbd user_u:system_r:smbd_t:s0 4 file getattr
user_u:object_r:user_home_dir_t:s0 denied 47358
64. 19/02/11 17:39:10 smbd user_u:system_r:smbd_t:s0 4 file getattr
user_u:object_r:user_home_dir_t:s0 denied 54205
[root at trevor4 ~]# ausearch -i -a 54205
----
type=SYSCALL msg=audit(19/02/11 17:39:10.711:54205) : arch=x86_64
syscall=stat success=yes exit=0 a0=7fffe6a808d0 a1=7fffe6a80000
a2=7fffe6a80000 a3=7fffe6a804d0 items=0 ppid=2533 pid=15831 auid=trevor
uid=trevor gid=root euid=trevor suid=root fsuid=trevor egid=trevor
sgid=root fsgid=trevor tty=(none) ses=2 comm=smbd exe=/usr/sbin/smbd
subj=user_u:system_r:smbd_t:s0 key=(null)
type=AVC msg=audit(19/02/11 17:39:10.711:54205) : avc: denied {
getattr } for pid=15831 comm=smbd path=/home/trevor/.recently-used.xbel
dev=dm-5 ino=10453859 scontext=user_u:system_r:smbd_t:s0
tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file
I haven't run a relabel of my system recently and even if I had it
hasn't been since the machine was last rebooted..
[root at trevor4 ~]# uptime
18:10:11 up 52 days, 7:58, 15 users, load average: 0.43, 0.43, 0.25
[root at trevor4 ~]#
[trevor at trevor4 ~]$ rpm -q selinux-policy
selinux-policy-2.4.6-279.el5_5.2
Anyone got any ideas what could be causing this? I can't see anything in
semanage fcontext that could be doing it...
[root at trevor4 ~]# semanage fcontext -l | grep home
/usr/sbin/genhomedircon regular file
system_u:object_r:semanage_exec_t:s0
/usr/lib/oddjob/mkhomedir regular file
system_u:object_r:oddjob_mkhomedir_exec_t:s0
Yours
Baffled of Brighton :)
More information about the selinux
mailing list