Daniel J Walsh writes:

> Yes user_u is not that restrictive, but the idea is a managed user. I
> would tend to think of user who does few commands with the shell.

Ok. The typical GUI user would probably not trigger this, I agree.

> But please attach the avc's you are seeing?

I retriggered it, and attach the mail setroubleshoot sent me.

> The directory in question might need a different label.

Yes, I was planning to add some fcontext rule for it. A custom rule for a custom directory.

--- Begin Message ---
- To: goeran@xxxxxxxxxxx
- Subject: [SELinux AVC Alert] SELinux is preventing ln (user_t) "link" to ./30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473 (var_lib_t).
- From: SELinux_Troubleshoot@xxxxxxxxxxxxxx
- Date: Mon, 18 May 2009 18:00:13 -0000

Summary

SELinux is preventing ln (user_t) "link" to ./30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473 (var_lib_t).

Detailed Description

SELinux denied access requested by ln. It is not expected that this access is required by ln and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473,

restorecon -v './30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Additional Information

Source Context: user_u:user_r:user_t
Target Context: system_u:object_r:var_lib_t
Target Objects: ./30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473 [ file ]
Source: ln
Source Path: /bin/ln
Port: <Unknown>
Host: mimmi
Source RPM Packages: coreutils-6.12-18.fc10
Target RPM Packages:
Policy RPM: selinux-policy-3.5.13-58.fc10
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall_file
Host Name: mimmi
Platform: Linux mimmi 2.6.27.12-170.2.5.fc10.x86_64 #1 SMP Wed Jan 21 01:33:24 EST 2009 x86_64 x86_64
Alert Count: 1
First Seen: Mon May 18 20:00:13 2009
Last Seen: Mon May 18 20:00:13 2009
Local ID: d6ad3700-432a-4dd7-b574-46275e4d1e24
Line Numbers:

Raw Audit Messages :

node=mimmi type=AVC msg=audit(1242669613.397:1336): avc: denied { link } for pid=26061 comm="ln" name=30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473 dev=dm-0 ino=3276854 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
node=mimmi type=SYSCALL msg=audit(1242669613.397:1336): arch=c000003e syscall=86 success=no exit=-13 a0=7fff3f37982a a1=7fff3f3798a4 a2=0 a3=7fff3f378380 items=0 ppid=25807 pid=26061 auid=920 uid=920 gid=924 euid=920 suid=920 fsuid=920 egid=924 sgid=924 fsgid=924 tty=tty2 ses=10 comm="ln" exe="/bin/ln" subj=user_u:user_r:user_t:s0 key=(null)
--- End Message ---
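
The long `name=` value in the raw AVC record above is the file name in hex: the kernel audit code hex-encodes untrusted strings that contain spaces or non-ASCII bytes. The following Python is an added example, not part of the original post or of setroubleshoot; it parses that record and decodes the field, and the helper names `decode_untrusted`, `parse_avc` and `summarize` are hypothetical.

```python
import re

# Fields the kernel writes with audit_log_untrustedstring(): quoted when the
# value is plain, otherwise bare uppercase hex of the raw bytes.
UNTRUSTED_FIELDS = {"name", "comm", "exe", "path", "cwd"}

# AVC record copied from the message above; the literal is split for width only.
AVC_RECORD = (
    'node=mimmi type=AVC msg=audit(1242669613.397:1336): avc: denied { link } '
    'for pid=26061 comm="ln" name='
    '30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20'
    '427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F20'
    '56C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473'
    ' dev=dm-0 ino=3276854 scontext=user_u:user_r:user_t:s0 '
    'tcontext=system_u:object_r:var_lib_t:s0 tclass=file'
)


def decode_untrusted(value):
    """Return the text of an audit 'untrusted string' field."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]                      # quoted: logged literally
    if len(value) % 2 == 0 and re.fullmatch(r"[0-9A-F]+", value):
        # errors="replace": file names are bytes and need not be valid UTF-8
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value                                # e.g. (null)


def parse_avc(record):
    """Split one AVC record into result, permissions and key=value fields."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", record)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {"result": m.group(1), "perms": m.group(2).split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3)):
        fields[key] = decode_untrusted(value) if key in UNTRUSTED_FIELDS else value
    return fields


def summarize(record):
    f = parse_avc(record)
    # repr() keeps control characters in a decoded name from reaching the terminal
    return "%s { %s } %s -> %s (%s) name=%r" % (
        f["result"], " ".join(f["perms"]), f["scontext"], f["tcontext"],
        f["tclass"], f["name"])


if __name__ == "__main__":
    print(summarize(AVC_RECORD))
```

The decoded name shows the denial concerns a single recorded file under a `var_lib_t` directory, which fits the plan stated in the reply to label that directory with a custom fcontext rule.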