On 10/01/2010 08:16 AM, Daniel J Walsh wrote: > On 10/01/2010 10:32 AM, Dan Thurman wrote: > > I get this often too, how to fix? > > > ==================================================================== > > Summary: > > > SELinux is preventing /usr/bin/updatedb "read" access on My Documents. > > > Detailed Description: > > > SELinux denied access requested by updatedb. It is not expected that > > this access > > is required by updatedb and this access may signal an intrusion attempt. > > It is > > also possible that the specific version or configuration of the > > application is > > causing it to require additional access. > > > Allowing Access: > > > You can generate a local policy module to allow this access - see FAQ > > (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please > file a bug > > report. > > > Additional Information: > > > Source Context system_u:system_r:locate_t:s0-s0:c0.c1023 > > Target Context system_u:object_r:samba_share_t:s0 > > Target Objects My Documents [ lnk_file ] > > Source updatedb > > Source Path /usr/bin/updatedb > > Port <Unknown> > > Host host.domain.com > > Source RPM Packages mlocate-0.22.4-1.fc13 > > Target RPM Packages > > Policy RPM selinux-policy-3.7.19-57.fc13 > > Selinux Enabled True > > Policy Type targeted > > Enforcing Mode Enforcing > > Plugin Name catchall > > Host Name host.domain.com > > Platform Linux host.domain.com > > 2.6.34.6-54.fc13.i686 #1 SMP > > Sun Sep 5 17:52:31 UTC 2010 i686 i686 > > Alert Count 130 > > First Seen Thu 30 Sep 2010 03:43:09 AM PDT > > Last Seen Fri 01 Oct 2010 03:37:52 AM PDT > > Local ID 4ee4e27f-095e-4186-a718-dfeb6cb22169 > > Line Numbers > > > Raw Audit Messages > > > node=host.domain.com type=AVC msg=audit(1285929472.607:103678): avc: > > denied { read } for pid=22716 comm="updatedb" > > name=4D7920446F63756D656E7473 dev=sdc3 ino=83907 > > scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 > > tcontext=system_u:object_r:samba_share_t:s0 tclass=lnk_file > > > node=host.domain.com type=SYSCALL msg=audit(1285929472.607:103678): > > arch=40000003 syscall=12 success=no exit=-13 a0=9e9c8f9 a1=bfe5b6f0 > > a2=bfe5b8e4 a3=bfe5b6f0 items=0 ppid=22709 pid=22716 auid=0 uid=0 gid=0 > > euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6602 > > comm="updatedb" exe="/usr/bin/updatedb" > > subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null) > > > > -- > > selinux mailing list > > selinux@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > Did you relabel your homedir as samba_share_t? No. This came from a mounted NTFS filesystem. Please see my response to the smbd error as it explains the situation regarding defining context='',defaults issue - and by adding in the ',defaults' it allows SELinux to do enforing/verification within the NTFS mounted filesystems which is what I wanted to stop in the first place. Perhaps a bug on this needs to be reported such that context='' is a vaild argument instead of also requiring ',defaults' in order to make it so? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
