SELinux is preventing access to files with the label, file_t.
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 4 21:13:39 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> --- Andrew Farris <lordmorgul at gmail.com> wrote:
>
>> Antonio Olivares wrote:
>>>>> SELinux is preventing access to files with the
>>>> label,
>>>>> file_t.
>>>> Is this file being created from a virtual
>> machine?
>>>> How is this file
>>>> getting there?
>> In my case it is definitely not a virtual machine
>> (I'm not running any on that
>> box), but I'm seeing the same thing happen with a
>> variety of files in /tmp.
>> They all seem to be session data files of some type.
>>
>> I have hundreds of denials that happened with
>> gconfd-2 a few days ago (socket
>> files in tmp mostly). Now I see many of these
>> accesses prevented to file_t.
>>
>> Files such as:
>> ./keyring-vaxTjg
>> /tmp/fahcore-iolock.txt <- I'm running folding at
>> home, it is doing that
>> ./kdecache-lordmorgul
>> /tmp/pulse-lordmorgul/pid
>> /tmp/banshee-NDesk.DBus.Bus.txt
>> /tmp/gnome-system-monitor.lordmorgul.777456431
>> ./virtual-lordmorgul.4FvBXq
>> ./.esd-500
>> ./fah
>> ./virtual-lordmorgul.xxxxx/
>>
>> And more. These are all accesses denied to
>> /usr/sbin/tmpwatch, files (normal
>> and sockets) and directories all labeled file_t.
>>
>> This list is about a third of the denials I've seen
>> pop up just this morning.
>> I've seen this occurring for several days (if not
>> more than a week) just have
>> not dealt with it yet. The issue is probably not a
>> very recent change. I've
>> had several relabels, new kernels, and new policy
>> while seeing this same issue,
>> many denials to /usr/bin/tmpwatch for file_t.
>>
>> --
>> Andrew Farris <lordmorgul at gmail.com>
>> www.lordmorgul.net
>> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF
>> 707E A2E0 F0F6 E622 C99B 1DF3
>> No one now has, and no one will ever again get, the
>> big picture. - Daniel Geer
>> ----
>> ----
>>
>> --
>> fedora-test-list mailing list
>> fedora-test-list at redhat.com
>> To unsubscribe:
>>
> https://www.redhat.com/mailman/listinfo/fedora-test-list
>
> Great to hear that Andrew, I thought I was the only
> one experiencing this kind of denials with the file_t.
> I have done touch ./autorelabel; reboot several times
> already and that is why I submit the setroubleshoot
> complaints.
>
> Regards,
>
> Antonio
>
>
> ____________________________________________________________________________________
> Never miss a thing. Make Yahoo your home page.
> http://www.yahoo.com/r/hs
>
Can you just delete these files from /tmp/
They may have been there before the relabel.
restorecon and fixfiles do not touch certain directories /tmp being one
of them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfNu4MACgkQrlYvE4MpobObeQCgnNaaSY23kdHIRx9BWsLHe+YX
PrcAn3AZslkmVE/YB6VKH1x1Aupr/xAF
=ntpr
-----END PGP SIGNATURE-----
More information about the test
mailing list