On 07/19/2015 08:27 PM, Ed Greshko wrote:
> On 07/20/15 09:39, jd1008 wrote:
>> I forgot the file I touch in / to force a relabel, something like
>> .relabel=true ???
> touch /.autorelabel
> google would have found that for you.

Yep! I found it in a fedoraproject forum message
right after I sent the email.
I was just replying that I had forgotten it, with the
intent of looking it up :)

After doing that and rebooting, I got 16 alerts.
Here is one of them:
SELinux is preventing /usr/bin/python2.7 from *remove_name* access on the directory .
***** Plugin catchall (100. confidence) suggests **************************
If you believe that python2.7 should be allowed remove_name access on
the directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep python /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context                system_u:system_r:blueman_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                [ dir ]
Source                        python
Source Path                   /usr/bin/python2.7
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           python-2.7.5-16.fc20.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-197.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2015-07-20 10:14:10 MDT
Last Seen                     2015-07-20 10:14:10 MDT
Local ID                      d167f2ee-4c4c-442e-877f-5a725536ec97
Raw Audit Messages
type=AVC msg=audit(1437408850.342:377): avc: denied { remove_name } for pid=2582 comm="python" name="ffiuVaXeC" dev="tmpfs" ino=28942 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1437408850.342:377): avc: denied { unlink } for pid=2582 comm="python" name="ffiuVaXeC" dev="tmpfs" ino=28942 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1437408850.342:377): arch=x86_64 syscall=unlink success=yes exit=0 a0=7fffd3473a60 a1=c2 a2=180 a3=1 items=0 ppid=2581 pid=2582 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=python exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
Hash: python,blueman_t,tmp_t,dir,remove_name
The rest are summarised as:
SELinux is preventing /usr/bin/python2.7 from execute access on the file .
SELinux is preventing /usr/sbin/lightdm from write access on the directory .
SELinux is preventing /usr/sbin/lightdm from append access on the file .
The rest of the 16 alerts are all re: write access
Please note that I have stopped and disabled sysstat-collect.timer and
sysstat.service since my previous reply.
Also note that I fully re-installed fresh due to the frustration since
my first report about this thread.
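
Added example, not part of the original message or of setroubleshoot: a small Python triage script that groups raw AVC records by the same fields shown in the alert's "Hash:" line and uses the matching SYSCALL record to tell whether the access was only logged (permissive) or actually blocked. The function names and the `logged_only` field are hypothetical; the sample input is the three audit records quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: the three raw audit records quoted in the message, one per line.
SAMPLE = """\
type=AVC msg=audit(1437408850.342:377): avc: denied { remove_name } for pid=2582 comm="python" name="ffiuVaXeC" dev="tmpfs" ino=28942 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1437408850.342:377): avc: denied { unlink } for pid=2582 comm="python" name="ffiuVaXeC" dev="tmpfs" ino=28942 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1437408850.342:377): arch=x86_64 syscall=unlink success=yes exit=0 a0=7fffd3473a60 a1=c2 a2=180 a3=1 items=0 ppid=2581 pid=2582 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=python exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
"""

AVC = re.compile(r'type=AVC msg=audit\((?P<id>[^)]+)\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}'
                 r'.*?comm="(?P<comm>[^"]+)".*?scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)')
SYSCALL = re.compile(r'type=SYSCALL msg=audit\((?P<id>[^)]+)\):.*?\bsuccess=(?P<ok>\w+)')

def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group denials by (comm, source type, target type, class) and merge permissions."""
    perms, events, outcome = defaultdict(set), defaultdict(set), {}
    for line in log_text.splitlines():
        m = AVC.search(line)
        if m:
            key = (m["comm"], se_type(m["s"]), se_type(m["t"]), m["cls"])
            perms[key].update(m["perms"].split())
            events[key].add(m["id"])       # audit event id ties AVC to its SYSCALL
            continue
        m = SYSCALL.search(line)
        if m:
            outcome[m["id"]] = (m["ok"] == "yes")
    # logged_only is True only when every related syscall is known to have succeeded,
    # i.e. the denial was recorded but not enforced (permissive mode).
    return [{"comm": k[0], "source": k[1], "target": k[2], "tclass": k[3],
             "perms": sorted(perms[k]),
             "logged_only": all(outcome.get(e, False) for e in events[k])}
            for k in sorted(perms)]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Reviewing the grouped rows before running the suggested `grep python ... | audit2allow -M mypol` shows exactly which domain, target type and permissions a local module would open up.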