SE Linux errors

Don Russell fedora at drussell.dnsalias.com
Sun Sep 16 15:56:57 UTC 2007 

Antonio Olivares wrote:
> --- Don Russell <fedora at drussell.dnsalias.com> wrote:
>
>   
>> I've finally decided to see if I can get rid of all
>> my SELinux  errors. 
>> A great help in this was installed the
>> setroubleshoot package.
>>
>> This is on FC7...
>>
>> I am unable to get rid of the following error
>> regarding fetchmail not 
>> being able to access .fetchmailrc in home
>> directories.
>>
>> I have used the suggested commands to "relabel"
>> things... but the error 
>> messages persist. :-(
>>
>> What am I missing?
>>
>> Summary
>> SELinux is preventing the /usr/bin/fetchmail from
>> using potentially 
>> mislabeled files (/home/don/.fetchmailrc).
>> Detailed Description
>> SELinux has denied /usr/bin/fetchmail access to
>> potentially mislabeled 
>> file(s) (/home/don/.fetchmailrc). This means that
>> SELinux will not allow 
>> /usr/bin/fetchmail to use these files. It is common
>> for users to edit 
>> files in their home directory or tmp directories and
>> then move (mv) them 
>> to system directories. The problem is that the files
>> end up with the 
>> wrong file context which confined applications are
>> not allowed to access.
>> Allowing Access
>> If you want /usr/bin/fetchmail to access this files,
>> you need to relabel 
>> them using restorecon -v /home/don/.fetchmailrc. You
>> might want to 
>> relabel the entire directory using restorecon -R -v
>> /home/don.
>> Additional Information
>>
>> Source Context:   	system_u:system_r:fetchmail_t
>> Target Context:   	user_u:object_r:user_home_t
>> Target Objects:   	/home/don/.fetchmailrc [ file ]
>> Affected RPM Packages:   	fetchmail-6.3.7-2.fc7
>> [application]
>> Policy RPM:   	selinux-policy-2.6.4-40.fc7
>> Selinux Enabled:   	True
>> Policy Type:   	targeted
>> MLS Enabled:   	True
>> Enforcing Mode:   	Permissive
>> Plugin Name:   	plugins.home_tmp_bad_labels
>> Host Name:   	boris
>> Platform:   	Linux boris 2.6.22.5-76.fc7 #1 SMP Thu
>> Aug 30 13:47:21 EDT 
>> 2007 i686 i686
>> Alert Count:   	45
>> First Seen:   	Wed Sep 12 22:16:56 2007
>> Last Seen:   	Sat Sep 15 08:36:21 2007
>> Local ID:   	85646638-60c7-4360-98aa-96a137eb018a
>> Line Numbers:   	
>>
>> Raw Audit Messages :
>>
>> avc: denied { getattr } for comm="fetchmail"
>> dev=dm-0 egid=500 euid=500 
>> exe="/usr/bin/fetchmail" exit=0 fsgid=500 fsuid=500
>> gid=500 items=0 
>> name=".fetchmailrc" path="/home/don/.fetchmailrc"
>> pid=2969 
>> scontext=system_u:system_r:fetchmail_t:s0 sgid=500 
>> subj=system_u:system_r:fetchmail_t:s0 suid=500
>> tclass=file 
>> tcontext=user_u:object_r:user_home_t:s0 tty=(none)
>> uid=500
>>
>>
>> -- 
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe:
>> https://www.redhat.com/mailman/listinfo/fedora-list
>>
>>     
>
> Don,
>
> I am no expert here on selinux, but when I have run
> into problems with it, I try the suggestions:
>
> # restorecon -v /home/don/.fetchmailrc. 
>
>   

Did that.. it was suggested in the message fro the troubleshoot package...

> You might want to
> relabel the entire directory using 
>
> # restorecon -R -v /home/don.
>
>   

Ditto....

> If this do not work like you are stating, the next
> step is to try the two commands as su - SuperUser
> Mode:  
> # touch ./autorelabel
> # reboot
>
>   

Ah ha! Thank you.... I did that last night, and this morning those 
message have stopped.

Thank you. :-)
> and if that does not work check the selinux policy to
> see that it is the latest one. Selinux is difficult
> many times, but there are some kind users on this list
> and the fedora-selinux-list that are very helpful. 
> You may also read the pages on the Wiki  
>
> http://fedoraproject.org/wiki/SELinux
>
> http://fedoraproject.org/wiki/SELinux/Troubleshooting
>
> If you have set the selinux mode to permissive and
> then made the respective changes that the
> setroubleshoter encouraged you to do and then started
> selinux in enforcing mode and you get denied avcs
> again, you may need to file a bug report against the
> package(s)
>
> fetchmail-6.3.7-2.fc7 or 
> Policy RPM:   	selinux-policy-2.6.4-40.fc7
>
> Regards,
>
> Antonio 
>
>
>        
> ____________________________________________________________________________________
> Need a vacation? Get great deals
> to amazing places on Yahoo! Travel.
> http://travel.yahoo.com/
>
>

More information about the users mailing list