updpwd AVC
Tony Molloy
tony.molloy at ul.ie
Wed Sep 28 14:56:24 UTC 2011
On Tuesday 27 September 2011 19:17:17 Daniel J Walsh wrote:
> On 09/27/2011 11:26 AM, Tony Molloy wrote:
> > On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
> >> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
> >>> Hi,
> >>>
> >>> On a fully updated CentOS 5.7 box I get the following AVC
> >>> SELinux is preventing unix_update (updpwd_t) "getattr" to /
> >>> (fs_t).
> >>>
> >>> Raw Audit Message
> >>>
> >>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:
> >>> denied
> >>>
> >>> { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5
> >>>
> >>> ino=2 scontext=system_u:system_r:updpwd_t:s0
> >>>
> >>> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
> >>>
> >>>
> Probably has to do with the way the mount table is setup on this
> machine versus other machines.
Now I've just noticed some other SElinux problems on this machine.
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 24 13:25:24 garryowen ssh:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /home/[^/]*/.+.
Sep 24 13:25:24 garryowen ssh:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /home/[^/]*/.virtinst(/.*)?.
.....
Now some time ago I moved some test mail accounts on this machine from
/users to /home and ran genhomedircon.
There is a file in /etc/selinux/targeted/contexts/files/ called
file_contexts.homedirs, generated by genhomedircon, which contains
context information for /home.
Could this multiple definitions be the root cause of the problem
Should I remove this file and autorelabel the entire filesystem again.
Thanks,
Tony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20110928/84f6ec39/attachment.html
More information about the selinux
mailing list