SELinux security alert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,
I installed F12 in 2 desktop no problem both working perfectly.
lately one has developed this security problem, it suggest to rename a
file as a possible cure, I do not understand how can a file change name
by it self. So before I make a mess of things I better ask for help.
Vinny 

Summary:

SELinux is preventing /bin/find "getattr" access
to /var/lib/misc/prelink.full.

Detailed Description:

[find has a permissive type (prelink_cron_system_t). This access was not
denied.]

SELinux denied access requested by find. /var/lib/misc/prelink.full may
be a
mislabeled. /var/lib/misc/prelink.full default SELinux type is
prelink_var_lib_t,
but its current type is cron_var_lib_t. Changing this file back to the
default
type, may fix your problem.

File contexts can be assigned to a file in the following ways.

  * Files created in a directory receive the file context of the parent
    directory by default.
  * The SELinux policy might override the default label inherited from
the
    parent directory by specifying a process running in context A which
creates
    a file in a directory labeled B will instead create the file with
label C.
    An example of this would be the dhcp client running with the
dhclient_t type
    and creating a file in the directory /etc. This file would normally
receive
    the etc_t type due to parental inheritance but instead the file is
labeled
    with the net_conf_t type because the SELinux policy specifies this.
  * Users can change the file context on a file using tools such as
chcon, or
    restorecon.

This file could have been mislabeled either by user error, or if an
normally
confined application was run under the wrong domain.

However, this might also indicate a bug in SELinux because the file
should not
have been labeled with this type.

If you believe this is a bug, please file a bug report against this
package.

Allowing Access:

You can restore the default system context to this file by executing the
restorecon command. restorecon '/var/lib/misc/prelink.full', if this
file is a
directory, you can recursively restore using restorecon -R
'/var/lib/misc/prelink.full'.

Fix Command:

/sbin/restorecon '/var/lib/misc/prelink.full'

Additional Information:

Source Context
system_u:system_r:prelink_cron_system_t:s0-s0:c0.c
                              1023
Target Context                system_u:object_r:cron_var_lib_t:s0
Target Objects                /var/lib/misc/prelink.full [ file ]
Source                        find
Source Path                   /bin/find
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           findutils-4.4.2-4.fc12
Target RPM Packages           prelink-0.4.2-4.fc12
Policy RPM                    selinux-policy-3.6.32-55.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   restorecon
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.31.6-166.fc12.i686.PAE #1 SMP Wed Dec
9
                              11:00:30 EST 2009 i686 i686
Alert Count                   4
First Seen                    Sat 12 Dec 2009 07:32:14 AM EST
Last Seen                     Sat 19 Dec 2009 01:45:15 PM EST
Local ID                      e5732596-f308-439c-9920-c4a394f95061
Line Numbers                  

Raw Audit Messages            

node=localhost.localdomain type=AVC msg=audit(1261248315.138:22): avc:
denied  { getattr } for  pid=2950 comm="find"
path="/var/lib/misc/prelink.full" dev=dm-0 ino=2402
scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023
tcontext=system_u:object_r:cron_var_lib_t:s0 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1261248315.138:22):
arch=40000003 syscall=300 success=yes exit=0 a0=ffffff9c a1=8594704
a2=85946a4 a3=100 items=0 ppid=2949 pid=2950 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="find"
exe="/bin/find"
subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)




-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux