Ok I did as you suggested and my output after a

sealert -a /var/log/audit/audit.log > /root/mylogfile.txt

was
____________________________________________________________________________
found 2 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------

Summary:

SELinux is preventing cp from creating a file with a context of unlabeled_t on a
filesystem.

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux is preventing cp from creating a file with a context of unlabeled_t on a
filesystem. Usually this happens when you ask the cp command to maintain the
context of a file when copying between file systems, "cp -a" for example. Not
all file contexts should be maintained between the file systems. For example, a
read-only file type like iso9660_t should not be placed on a r/w system. "cp -P"
might be a better solution, as this will adopt the default file context for the
destination.

Allowing Access:

Use a command like "cp -P" to preserve all permissions except SELinux context.

Additional Information:

Source Context                user_u:object_r:unlabeled_t
Target Context                system_u:object_r:fs_t
Target Objects                test.txt [ filesystem ]
Source                        cp
Source Path                   /bin/cp
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           coreutils-5.97-14.el5
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-137.1.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   filesystem_associate
Host Name                     the-rat.xxxx.ca
Platform                      Linux the-rat.xxxxx.ca 2.6.18-92.1.13.el5 #1 SMP Wed Sep 24 19:33:52 EDT 2008 i686 i686
Alert Count                   5
First Seen                    Thu Oct 16 13:11:30 2008
Last Seen                     Wed Nov 5 10:59:39 2008
Local ID                      70942f5b-18a0xxxxxxxc86b
Line Numbers                  5, 6, 1227, 1228, 1703, 1704, 2766, 2767, 3066, 3067

Raw Audit Messages

type=AVC msg=audit(1225900779.959:311): avc: denied { associate } for pid=14890 comm="cp" name="test.txt" scontext=user_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem

type=SYSCALL msg=audit(1225900779.959:311): arch=40000003 syscall=5 success=yes exit=4 a0=9a720d0 a1=8041 a2=81b4 a3=8041 items=0 ppid=14864 pid=14890 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts5 ses=1 comm="cp" exe="/bin/cp" subj=user_u:system_r:unconfined_t:s0 key=(null)

--------------------------------------------------------------------------------
_____________________________________________________________________________

But

[freund@the-rat ~]$ ls -Z test.txt
-rw-rw-r--  freund freund user_u:object_r:user_home_t      test.txt

so I am wondering where the unlabeled_t is coming from.

On Saturday 01 November 2008 4:24:27 pm Nifty Cluster Mitch wrote:
> On Wed, Oct 29, 2008 at 11:23:28AM -0400, Al Freundorfer wrote:
> > I was directed to post this on the mailing list. See the following forum
> > post as a reference.
> >
> > http://www.centos.org/modules/newbb/viewtopic.php?topic_id=16710&forum=42
> >
> > I formatted my external ext3 372GB USB hard drive in ubuntu and now want
> > to use it in Centos. I made sure that my group/user numbers were the same.
> > I was not able to write to the mounted USB hard drive (HD). I suspected
> > selinux and shut it off and I was able to copy the file! I set selinux
> > back to enforce and rebooted. I like the security features of selinux.
> >
> > I tried:
> > 1) chcon -v
> > 2) restorecon -Rv /media/disk
> > 3) cp -P
> >
> > and still am not able to write to the USB HD. The sad part is I can
> > delete files from the USB HD. See forum post for details.
> >
> > I tried it in fedora 9 and it is able to write to the USB HD.
> >
> > I tried a 32GB USB memory stick in Centos 5.2 and it worked!
> > I am wondering why it doesn't work for my USB HD? The only difference is
> > the size.
>
> Try rebooting in permissive mode then inspect the avc messages.
>
> Double check the permissions of the mount point before and
> after mounting the device.

--
A.P. Freundorfer, P.Eng.
Department of Electrical and Computer Engineering
Queens University
Kingston, Ontario, CANADA
K7L 3N6
Phone: (613)533-2943
fax: (613)533-6615
http://www.ece.queensu.ca/directory/laboratories/highspeedcircuits.html
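
Added example, not part of the original message: a Python sketch that groups the two raw audit records quoted above by their shared event ID and sets the process context (subj in the SYSCALL record) beside the AVC scontext and tcontext. The function names and result keys are this example's own, and the sample text is constructed from the records in the message.

```python
import re
from collections import defaultdict

# Constructed sample: the two raw records quoted in the message, one per line.
SAMPLE = (
    'type=AVC msg=audit(1225900779.959:311): avc: denied { associate } for pid=14890 comm="cp" name="test.txt" scontext=user_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem\n'
    'type=SYSCALL msg=audit(1225900779.959:311): arch=40000003 syscall=5 success=yes exit=4 a0=9a720d0 a1=8041 a2=81b4 a3=8041 items=0 ppid=14864 pid=14890 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts5 ses=1 comm="cp" exe="/bin/cp" subj=user_u:system_r:unconfined_t:s0 key=(null)\n'
)

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')

def parse_events(text):
    """Group audit records by (timestamp, serial); keep key=value fields per record type."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record line
        rtype, stamp, serial = m.groups()
        rec = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        p = PERMS.search(line)
        if rtype == "AVC" and p:
            rec["result"], rec["perms"] = p.group(1), p.group(2).split()
        events[(stamp, serial)][rtype] = rec
    return dict(events)

def summarize(event):
    """Put the calling process's context next to the contexts the AVC check compared."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    return {
        "exe": sc.get("exe"),
        "process_context": sc.get("subj"),   # who ran the syscall
        "avc_source": avc["scontext"],       # for filesystem/associate: the file's label
        "avc_target": avc["tcontext"],       # the filesystem's label
        "tclass": avc["tclass"],
        "perms": avc["perms"],
        "name": avc.get("name"),
        "permitted": sc.get("success") == "yes",  # True here: permissive mode
    }

if __name__ == "__main__":
    for key, ev in parse_events(SAMPLE).items():
        print(key, summarize(ev))
```

On the quoted event, process_context is unconfined_t while avc_source is unlabeled_t, which matches the sealert summary: the denied label belongs to the file being created, not to the cp process.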