recently-used.xbel wrong context

Miroslav Grepl mgrepl at redhat.com
Mon Feb 21 13:40:25 UTC 2011


On 02/19/2011 06:18 PM, Trevor Hemsley wrote:
> Hi
>
> I'm running Centos 5.5 with all the most recent patches applied and am
> seeing a strange problem with a file in my home directory called
> .recently-used.xbel. It keeps getting the wrong selinux context assigned
> to it though I have no idea what is changing it or when.
>
> [trevor at trevor4 ]$ ls -aZl ~/.recently-used.xbel
> -rw-rw-r-- 1 user_u:object_r:user_home_dir_t  trevor trevor 148481 Feb
> 18 20:22 /home/trevor/.recently-used.xbel
> [trevor at trevor4 ]$ chcon --reference=/home/trevor/.recently-used
> ~/.recently-used.xbel
> [trevor at trevor4 ]$ ls -aZl ~/.recently-used.xbel
> -rw-rw-r-- 1 user_u:object_r:user_home_t      trevor trevor 148481 Feb
> 18 20:22 /home/trevor/.recently-used.xbel
>
> It's a file not a directory yet it is being labelled as home_dir_t not
> home_t and this causes avc messages. I change it back using the chcon
> command above and it stays that way for a while and a few
> days/hour/weeks later, it comes back as home_dir_t again. I'm not sure
> what it is that triggers the re-mislabelling but I do know that I
> 'fixed' this via chcon about a week ago and now it's back again and it's
> not the first time that this has happened. Looking at these two avcs it
> would appear that I 'fixed' it shortly after the 13th and it came back
> sometime today or yesterday at a guess.
>
> 63. 13/02/11 02:12:53 smbd user_u:system_r:smbd_t:s0 4 file getattr
> user_u:object_r:user_home_dir_t:s0 denied 47358
> 64. 19/02/11 17:39:10 smbd user_u:system_r:smbd_t:s0 4 file getattr
> user_u:object_r:user_home_dir_t:s0 denied 54205
>
> [root at trevor4 ~]# ausearch -i -a 54205
> ----
> type=SYSCALL msg=audit(19/02/11 17:39:10.711:54205) : arch=x86_64
> syscall=stat success=yes exit=0 a0=7fffe6a808d0 a1=7fffe6a80000
> a2=7fffe6a80000 a3=7fffe6a804d0 items=0 ppid=2533 pid=15831 auid=trevor
> uid=trevor gid=root euid=trevor suid=root fsuid=trevor egid=trevor
> sgid=root fsgid=trevor tty=(none) ses=2 comm=smbd exe=/usr/sbin/smbd
> subj=user_u:system_r:smbd_t:s0 key=(null)
> type=AVC msg=audit(19/02/11 17:39:10.711:54205) : avc:  denied  {
> getattr } for  pid=15831 comm=smbd path=/home/trevor/.recently-used.xbel
> dev=dm-5 ino=10453859 scontext=user_u:system_r:smbd_t:s0
> tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file
>
> I haven't run a relabel of my system recently and even if I had it
> hasn't been since the machine was last rebooted..
>
> [root at trevor4 ~]# uptime
>   18:10:11 up 52 days,  7:58, 15 users,  load average: 0.43, 0.43, 0.25
> [root at trevor4 ~]#
>
> [trevor at trevor4 ~]$ rpm -q selinux-policy
> selinux-policy-2.4.6-279.el5_5.2
>
> Anyone got any ideas what could be causing this? I can't see anything in
> semanage fcontext that could be doing it...
>
> [root at trevor4 ~]# semanage fcontext -l | grep home
> /usr/sbin/genhomedircon                            regular file
> system_u:object_r:semanage_exec_t:s0
> /usr/lib/oddjob/mkhomedir                          regular file
> system_u:object_r:oddjob_mkhomedir_exec_t:s0
>
> Yours
> Baffled of Brighton :)
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Trevor,

could you add your output of

# id -Z
# ps -eZ | grep initrc


Also you can fix it using restorecond service by adding

# echo "~/.recently-used.xbel" >> /etc/selinux/restorecond.conf
# service restorecond restart

Which will fix the label.



More information about the selinux mailing list