On Tuesday 27 September 2011 19:17:17 Daniel J Walsh wrote:
> On 09/27/2011 11:26 AM, Tony Molloy wrote:
> > On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
> >> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
> >>> Hi,
> >>>
> >>> On a fully updated CentOS 5.7 box I get the following AVC
> >>> SELinux is preventing unix_update (updpwd_t) "getattr" to /
> >>> (fs_t).
> >>>
> >>> Raw Audit Message
> >>>
> >>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:
> >>> denied
> >>>
> >>> { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5
> >>>
> >>> ino=2 scontext=system_u:system_r:updpwd_t:s0
> >>>
> >>> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
> >>>
>
> Probably has to do with the way the mount table is setup on this
> machine versus other machines.

Now I've just noticed some other SELinux problems on this machine.

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 24 13:25:24 garryowen ssh: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /home/[^/]*/.+.
Sep 24 13:25:24 garryowen ssh: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /home/[^/]*/.virtinst(/.*)?.
.....

Now some time ago I moved some test mail accounts on this machine from
/users to /home and ran genhomedircon.

There is a file in /etc/selinux/targeted/contexts/files/ called
file_contexts.homedirs, generated by genhomedircon, which contains context
information for /home.

Could these multiple definitions be the root cause of the problem?

Should I remove this file and autorelabel the entire filesystem again?

Thanks,

Tony
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
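
An added example, not part of the original message: a small Python check that lists path specifications appearing more than once across file_contexts and file_contexts.homedirs, the situation the "Multiple same specifications" lines above point at. The file contents, contexts and function names are constructed for illustration, and it assumes a duplicate means the same path regex and file-type field occurring more than once across the files.

```python
from collections import defaultdict

# Constructed sample contents (not taken from the poster's machine).
SAMPLE = {
    "file_contexts": """\
/etc/.*  system_u:object_r:etc_t:s0
/home/[^/]*  -d  system_u:object_r:user_home_dir_t:s0
/home/[^/]*/.+  system_u:object_r:user_home_t:s0
/home/[^/]*/.virtinst(/.*)?  system_u:object_r:virt_content_t:s0
""",
    "file_contexts.homedirs": """\
# generated file (constructed)
/home/[^/]*  -d  system_u:object_r:home_root_t:s0
/home/[^/]*/.+  system_u:object_r:user_home_t:s0
/home/[^/]*/.virtinst(/.*)?  system_u:object_r:virt_content_t:s0
""",
}

def parse_specs(text, source):
    """Yield (regex, file_type, context, 'source:line') per entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:      # regex context
            regex, ftype, context = fields[0], "", fields[1]
        elif len(fields) == 3:    # regex -type context
            regex, ftype, context = fields
        else:
            continue              # malformed line, skipped here
        yield regex, ftype, context, f"{source}:{lineno}"

def find_duplicates(files):
    """Return sorted (regex, 'same'|'different', locations) for repeated specs."""
    seen = defaultdict(list)
    for source, text in files.items():
        for regex, ftype, context, where in parse_specs(text, source):
            seen[(regex, ftype)].append((context, where))
    report = []
    for (regex, _ftype), hits in seen.items():
        if len(hits) > 1:
            # Same context everywhere is redundant; differing contexts conflict.
            kind = "same" if len({c for c, _ in hits}) == 1 else "different"
            report.append((regex, kind, [w for _, w in hits]))
    return sorted(report)

if __name__ == "__main__":
    for regex, kind, where in find_duplicates(SAMPLE):
        print(f"multiple {kind} specifications for {regex}: {', '.join(where)}")
```

To check a real system, replace the SAMPLE values with the text read from the two files under /etc/selinux/targeted/contexts/files/.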