SELinux is preventing access to files with the label, file_t.

Antonio Olivares olivares14031 at yahoo.com
Tue Mar 4 14:46:51 UTC 2008


--- Daniel J Walsh <dwalsh at redhat.com> wrote:

> Antonio Olivares wrote:
> > Dear all, 
> > 
> > I have done this before :
> > 
> > "touch /.autorelabel; reboot"
> > 
> > several days pass and I see this file_t again and I
> > have to do "in quote" this again.  What is file_t
> > anyway?
> > I do not know of any in my system.
> > 
> > Thanks,
> > 
> > Antonio 
> > 
> > Summary:
> > 
> > SELinux is preventing access to files with the label, file_t.
> > 
> > Detailed Description:
> > 
> > SELinux permission checks on files labeled file_t are being denied. file_t is
> > the context the SELinux kernel gives to files that do not have a label. This
> > indicates a serious labeling problem. No files on an SELinux box should ever be
> > labeled file_t. If you have just added a new disk drive to the system you can
> > relabel it using the restorecon command. Otherwise you should relabel the entire
> > files system.
> > 
> > Allowing Access:
> > 
> > You can execute the following command as root to
> > relabel your computer system:
> > "touch /.autorelabel; reboot"
> > 
> > Additional Information:
> > 
> > Source Context                system_u:system_r:tmpreaper_t
> > Target Context                system_u:object_r:file_t
> > Target Objects                ./virtual-olivares.1dNZIJ [ dir ]
> > Source                        tmpwatch
> > Source Path                   /usr/sbin/tmpwatch
> > Port                          <Unknown>
> > Host                          localhost
> > Source RPM Packages           tmpwatch-2.9.13-2
> > Target RPM Packages           
> > Policy RPM                    selinux-policy-3.3.1-9.fc9
> > Selinux Enabled               True
> > Policy Type                   targeted
> > MLS Enabled                   True
> > Enforcing Mode                Enforcing
> > Plugin Name                   file
> > Host Name                     localhost
> > Platform                      Linux localhost 2.6.25-0.80.rc3.git2.fc9 #1 SMP
> >                               Fri Feb 29 18:17:34 EST 2008 i686 athlon
> > Alert Count                   1
> > First Seen                    Mon 03 Mar 2008 10:01:18 AM CST
> > Last Seen                     Mon 03 Mar 2008 10:01:18 AM CST
> > Local ID                      08676827-232c-4027-aa44-9431e45d6d53
> > Line Numbers                  
> > 
> > Raw Audit Messages            
> > 
> > host=localhost type=AVC msg=audit(1204560078.2:50):
> > avc:  denied  { rmdir } for  pid=32386 comm="tmpwatch"
> > name="virtual-olivares.1dNZIJ" dev=dm-0 ino=31391789
> > scontext=system_u:system_r:tmpreaper_t:s0
> > tcontext=system_u:object_r:file_t:s0 tclass=dir
> > 
> > host=localhost type=SYSCALL
> > msg=audit(1204560078.2:50): arch=40000003 syscall=40
> > success=no exit=-13 a0=960ec33 a1=28 a2=960f1a0
> > a3=960ec33 items=0 ppid=32384 pid=32386
> > auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> > comm="tmpwatch" exe="/usr/sbin/tmpwatch"
> > subj=system_u:system_r:tmpreaper_t:s0 key=(null)
> > 
> File_t is an unlabeled file.  The kernel looks at the extended
> attributes of a file for its file context, if none are found it reports
> it as file_t.  The only way you should be able to get a file_t is if you
> put in an unlabeled file system and moved the file over.  This should
> not happen ordinarily.  Also you can fix the file labels with a
> restorecon/chcon call rather than a full relabel, or you can just delete
> the file.
> 
> 
> Is this file being created from a virtual machine?  How is this file
> getting there?

I do not know; it might have happened when I copied a
DVD.   I have done this plenty of times before. touch
./autorelabel reboot and this file comes back to haunt
me :(

I will do it again for the sake of it.  If it comes
back again, I will submit another complaint against
it.  




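Added example, not part of the original messages and not code from setroubleshoot or the SELinux project: a Python sketch of the check described in the thread. It pulls the file_t target out of the raw AVC record and lists files that have no `security.selinux` extended attribute, which is what the kernel reports as file_t. The function names are hypothetical and the sample record is the one from the report, rejoined onto one line.

```python
import errno, os, re

# Constructed sample: the AVC record quoted in the thread, joined onto one line.
SAMPLE_AVC = (
    'host=localhost type=AVC msg=audit(1204560078.2:50): avc:  denied  { rmdir } '
    'for  pid=32386 comm="tmpwatch" name="virtual-olivares.1dNZIJ" dev=dm-0 '
    'ino=31391789 scontext=system_u:system_r:tmpreaper_t:s0 '
    'tcontext=system_u:object_r:file_t:s0 tclass=dir'
)
_PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial plus its permission list."""
    m = _PERMS.search(line)
    if not m:
        return None  # not an AVC denial (e.g. the paired SYSCALL record)
    rec = {k: v.strip('"') for k, v in _FIELD.findall(line)}
    rec["perms"] = m.group(1).split()
    return rec

def unlabeled_targets(lines):
    """Yield (dev, inode, name) for denials whose target type is file_t."""
    for line in lines:
        rec = parse_avc(line)
        # A context is user:role:type[:level]; the type is the third field.
        if rec and rec.get("tcontext", "").split(":")[2:3] == ["file_t"]:
            yield rec["dev"], int(rec["ino"]), rec["name"]

def has_no_label(path, getxattr=None):
    """True if path carries no security.selinux xattr (reported as file_t)."""
    getxattr = getxattr or os.getxattr  # injectable so it can be tested off-box
    try:
        getxattr(path, "security.selinux", follow_symlinks=False)
        return False
    except OSError as exc:
        if exc.errno != errno.ENODATA:
            raise  # e.g. ENOTSUP: the filesystem has no xattr support at all
        return True

def find_unlabeled(root, getxattr=None):
    """List every directory and file under root that has no SELinux label."""
    paths = (os.path.join(d, n) for d, dirs, files in os.walk(root) for n in dirs + files)
    return sorted(p for p in paths if has_no_label(p, getxattr))

if __name__ == "__main__":
    print(list(unlabeled_targets([SAMPLE_AVC])))
    print(find_unlabeled("/tmp"))
```

The paths it returns are candidates for the restorecon/chcon fix mentioned in the reply, instead of a full relabel.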



