Error on relable for SELinux

Les hlhowell at pacbell.net
Thu Sep 27 17:25:34 UTC 2007 

I need a SELinux person to explain this error for me.  It seems to occur
when I try to print from the web.

The suggested command "restorecon -v Par0 doesn't work because for one
thing Par0 doesn't exist I think.  The error seems to be that something
wants to relable sbin/udevd to par0, and since that didn't occur I
suspect that the problem is not with Par0, but rather the /sbin/udevd.
And since I think this is a system file, I am not sure it should be
relabled anyway, without causing other problems.  At least that is my
take.  Any ideas?

	Please help with detailed information.  I do not want to mess up my
system, which seems to be working well except for this.

Regards,
Les H

Here is the output from the SETroubleshoot window:

Summary
    SELinux is preventing /sbin/udevd (udev_t) "relabelto" to par0
(device_t).

Detailed Description
    SELinux denied access requested by /sbin/udevd. It is not expected
that this
    access is required by /sbin/udevd and this access may signal an
intrusion
    attempt. It is also possible that the specific version or
configuration of
    the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could
try to
    restore the default system file context for par0, restorecon -v par0
If this
    does not work, there is currently no automatic way to allow this
access.
    Instead,  you can generate a local policy module to allow this
access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context
system_u:system_r:udev_t:SystemLow-SystemHigh
Target Context                system_u:object_r:device_t
Target Objects                par0 [ lnk_file ]
Affected RPM Packages         udev-113-12.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-42.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
2.6.22.7-85.fc7 #1 SMP
                              Fri Sep 21 19:53:05 EDT 2007 i686 i686
Alert Count                   5
First Seen                    Sat 15 Sep 2007 12:20:19 PM PDT
Last Seen                     Thu 27 Sep 2007 10:10:01 AM PDT
Local ID                      3b8dfa9b-fb5a-489d-9750-ea5776718542
Line Numbers                  

Raw Audit Messages            

avc: denied { relabelto } for comm="udevd" dev=tmpfs egid=0 euid=0
exe="/sbin/udevd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="par0"
pid=3273
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file
tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0

More information about the users mailing list