SELinux is preventing access to files with the label, file_t.

Daniel J Walsh dwalsh at redhat.com
Tue Mar 4 21:13:39 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> --- Andrew Farris <lordmorgul at gmail.com> wrote:
> 
>> Antonio Olivares wrote:
>>>>> SELinux is preventing access to files with the
>>>> label,
>>>>> file_t.
>>>> Is this file being created from a virtual
>> machine? 
>>>> How is this file
>>>> getting there?
>> In my case it is definitely not a virtual machine
>> (I'm not running any on that 
>> box), but I'm seeing the same thing happen with a
>> variety of files in /tmp. 
>> They all seem to be session data files of some type.
>>
>> I have hundreds of denials that happened with
>> gconfd-2 a few days ago (socket 
>> files in tmp mostly).  Now I see many of these
>> accesses prevented to file_t.
>>
>> Files such as:
>> ./keyring-vaxTjg
>> /tmp/fahcore-iolock.txt  <- I'm running folding at
>> home, it is doing that
>> ./kdecache-lordmorgul
>> /tmp/pulse-lordmorgul/pid
>> /tmp/banshee-NDesk.DBus.Bus.txt
>> /tmp/gnome-system-monitor.lordmorgul.777456431
>> ./virtual-lordmorgul.4FvBXq
>> ./.esd-500
>> ./fah
>> ./virtual-lordmorgul.xxxxx/
>>
>> And more.  These are all accesses denied to
>> /usr/sbin/tmpwatch, files (normal 
>> and sockets) and directories all labeled file_t.
>>
>> This list is about a third of the denials I've seen
>> pop up just this morning. 
>> I've seen this occurring for several days (if not
>> more than a week) just have 
>> not dealt with it yet.  The issue is probably not a
>> very recent change.  I've 
>> had several relabels, new kernels, and new policy
>> while seeing this same issue, 
>> many denials to /usr/bin/tmpwatch for file_t.
>>
>> -- 
>> Andrew Farris <lordmorgul at gmail.com>
>> www.lordmorgul.net
>>   gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF
>> 707E A2E0 F0F6 E622 C99B 1DF3
>> No one now has, and no one will ever again get, the
>> big picture. - Daniel Geer
>> ----                                                
>>                       ----
>>
>> -- 
>> fedora-test-list mailing list
>> fedora-test-list at redhat.com
>> To unsubscribe: 
>>
> https://www.redhat.com/mailman/listinfo/fedora-test-list
> 
> Great to hear that Andrew, I thought I was the only
> one experiencing this kind of denials with the file_t.
>  I have done touch ./autorelabel; reboot several times
> already and that is why I submit the setroubleshoot
> complaints.  
> 
> Regards,
> 
> Antonio 
> 
> 
>       ____________________________________________________________________________________
> Never miss a thing.  Make Yahoo your home page. 
> http://www.yahoo.com/r/hs
> 
Can you just delete these files from /tmp/

They may have been there before the relabel.

restorecon and fixfiles do not touch certain directories /tmp being one
of them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfNu4MACgkQrlYvE4MpobObeQCgnNaaSY23kdHIRx9BWsLHe+YX
PrcAn3AZslkmVE/YB6VKH1x1Aupr/xAF
=ntpr
-----END PGP SIGNATURE-----

More information about the test mailing list