SELinux security alert
vinny
vonelli at optonline.net
Sat Dec 19 19:06:24 UTC 2009
Hello,
I installed F12 in 2 desktop no problem both working perfectly.
lately one has developed this security problem, it suggest to rename a
file as a possible cure, I do not understand how can a file change name
by it self. So before I make a mess of things I better ask for help.
Vinny
Summary:
SELinux is preventing /bin/find "getattr" access
to /var/lib/misc/prelink.full.
Detailed Description:
[find has a permissive type (prelink_cron_system_t). This access was not
denied.]
SELinux denied access requested by find. /var/lib/misc/prelink.full may
be a
mislabeled. /var/lib/misc/prelink.full default SELinux type is
prelink_var_lib_t,
but its current type is cron_var_lib_t. Changing this file back to the
default
type, may fix your problem.
File contexts can be assigned to a file in the following ways.
* Files created in a directory receive the file context of the parent
directory by default.
* The SELinux policy might override the default label inherited from
the
parent directory by specifying a process running in context A which
creates
a file in a directory labeled B will instead create the file with
label C.
An example of this would be the dhcp client running with the
dhclient_t type
and creating a file in the directory /etc. This file would normally
receive
the etc_t type due to parental inheritance but instead the file is
labeled
with the net_conf_t type because the SELinux policy specifies this.
* Users can change the file context on a file using tools such as
chcon, or
restorecon.
This file could have been mislabeled either by user error, or if an
normally
confined application was run under the wrong domain.
However, this might also indicate a bug in SELinux because the file
should not
have been labeled with this type.
If you believe this is a bug, please file a bug report against this
package.
Allowing Access:
You can restore the default system context to this file by executing the
restorecon command. restorecon '/var/lib/misc/prelink.full', if this
file is a
directory, you can recursively restore using restorecon -R
'/var/lib/misc/prelink.full'.
Fix Command:
/sbin/restorecon '/var/lib/misc/prelink.full'
Additional Information:
Source Context
system_u:system_r:prelink_cron_system_t:s0-s0:c0.c
1023
Target Context system_u:object_r:cron_var_lib_t:s0
Target Objects /var/lib/misc/prelink.full [ file ]
Source find
Source Path /bin/find
Port <Unknown>
Host localhost.localdomain
Source RPM Packages findutils-4.4.2-4.fc12
Target RPM Packages prelink-0.4.2-4.fc12
Policy RPM selinux-policy-3.6.32-55.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name restorecon
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.31.6-166.fc12.i686.PAE #1 SMP Wed Dec
9
11:00:30 EST 2009 i686 i686
Alert Count 4
First Seen Sat 12 Dec 2009 07:32:14 AM EST
Last Seen Sat 19 Dec 2009 01:45:15 PM EST
Local ID e5732596-f308-439c-9920-c4a394f95061
Line Numbers
Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1261248315.138:22): avc:
denied { getattr } for pid=2950 comm="find"
path="/var/lib/misc/prelink.full" dev=dm-0 ino=2402
scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023
tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file
node=localhost.localdomain type=SYSCALL msg=audit(1261248315.138:22):
arch=40000003 syscall=300 success=yes exit=0 a0=ffffff9c a1=8594704
a2=85946a4 a3=100 items=0 ppid=2949 pid=2950 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="find"
exe="/bin/find"
subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)
More information about the users
mailing list