Error on relabel for SELinux
Arthur Pemberton
pemboa at gmail.com
Thu Sep 27 18:06:10 UTC 2007
On 9/27/07, Les <hlhowell at pacbell.net> wrote:
> I need a SELinux person to explain this error for me. It seems to occur
> when I try to print from the web.
>
> The suggested command "restorecon -v Par0" doesn't work because for one
> thing Par0 doesn't exist I think. The error seems to be that something
> wants to relabel sbin/udevd to par0, and since that didn't occur I
> suspect that the problem is not with Par0, but rather the /sbin/udevd.
> And since I think this is a system file, I am not sure it should be
> relabeled anyway, without causing other problems. At least that is my
> take. Any ideas?
>
> Please help with detailed information. I do not want to mess up my
> system, which seems to be working well except for this.
>
> Regards,
> Les H
>
> Here is the output from the SETroubleshoot window:
>
> Summary
> SELinux is preventing /sbin/udevd (udev_t) "relabelto" to par0 (device_t).
>
> Detailed Description
> SELinux denied access requested by /sbin/udevd. It is not expected that this
> access is required by /sbin/udevd and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of
> the application is causing it to require additional access.
>
> Allowing Access
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore the default system file context for par0, restorecon -v par0 If this
> does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access - see
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Additional Information
>
> Source Context         system_u:system_r:udev_t:SystemLow-SystemHigh
> Target Context         system_u:object_r:device_t
> Target Objects         par0 [ lnk_file ]
> Affected RPM Packages  udev-113-12.fc7 [application]
> Policy RPM             selinux-policy-2.6.4-42.fc7
> Selinux Enabled        True
> Policy Type            targeted
> MLS Enabled            True
> Enforcing Mode         Permissive
> Plugin Name            plugins.catchall_file
> Host Name              localhost.localdomain
> Platform               Linux localhost.localdomain 2.6.22.7-85.fc7 #1 SMP
>                        Fri Sep 21 19:53:05 EDT 2007 i686 i686
> Alert Count            5
> First Seen             Sat 15 Sep 2007 12:20:19 PM PDT
> Last Seen              Thu 27 Sep 2007 10:10:01 AM PDT
> Local ID               3b8dfa9b-fb5a-489d-9750-ea5776718542
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { relabelto } for comm="udevd" dev=tmpfs egid=0 euid=0
> exe="/sbin/udevd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="par0"
> pid=3273
> scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0
> subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file
> tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
>
There is an SELinux list where I'm sure you will find much more
reliable assistance:
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )
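
The raw audit message quoted above already states who requested which permission on which object. As an added example (not part of the original thread, and not code from setroubleshoot or audit2allow), the Python below parses that record and renders the type-enforcement rule a local policy module would have to contain; the function names are hypothetical.

```python
import re

# The raw audit message quoted in the post, rejoined after mail wrapping.
SAMPLE_AVC = (
    'avc: denied { relabelto } for comm="udevd" dev=tmpfs egid=0 euid=0 '
    'exe="/sbin/udevd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="par0" '
    'pid=3273 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 '
    'subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file '
    'tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0'
)
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Parse one AVC record, tolerating '>' mail quoting and hard wraps."""
    flat = ' '.join(line.lstrip('> ').strip() for line in text.splitlines())
    m = AVC_RE.search(flat)
    if not m:
        raise ValueError('not an AVC record')
    rec = {'result': m.group(1), 'perms': m.group(2).split()}
    for key, val in FIELD_RE.findall(m.group(3)):
        rec[key] = val.strip('"')
    return rec

def context_type(ctx):
    """Type field of user:role:type[:level]; the MLS level may itself hold ':'."""
    parts = ctx.split(':')
    if len(parts) < 3:
        raise ValueError('malformed context: %r' % ctx)
    return parts[2]

def te_rule(rec):
    """Type-enforcement rule that would permit the recorded access."""
    perms = rec['perms']
    perm_s = perms[0] if len(perms) == 1 else '{ %s }' % ' '.join(perms)
    return 'allow %s %s:%s %s;' % (context_type(rec['scontext']),
                                   context_type(rec['tcontext']),
                                   rec['tclass'], perm_s)

def describe(rec):
    """One-line summary: who asked for what, on which object."""
    return '%s (%s) %s %s on %s "%s" (%s), dev %s' % (
        rec.get('exe', rec.get('comm', '?')), context_type(rec['scontext']),
        rec['result'], ' '.join(rec['perms']), rec['tclass'],
        rec.get('name', '?'), context_type(rec['tcontext']), rec.get('dev', '?'))

if __name__ == '__main__':
    record = parse_avc(SAMPLE_AVC)
    print(describe(record))
    print(te_rule(record))
```

The rendered rule is something to review before loading, not a recommendation to allow the access. The report lists Enforcing Mode as Permissive, so the access was logged rather than blocked.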