Re: updpwd AVC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/28/2011 10:56 AM, Tony Molloy wrote:
> On Tuesday 27 September 2011 19:17:17 Daniel J Walsh wrote:
> 
>> On 09/27/2011 11:26 AM, Tony Molloy wrote:
> 
>>> On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
> 
>>>> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
> 
>>>>> Hi,
> 
>>>>> 
> 
>>>>> On a fully updated CentOS 5.7 box I get the following AVC
> 
> 
>>>>> SELinux is preventing unix_update (updpwd_t) "getattr" to
>>>>> /
> 
>>>>> (fs_t).
> 
>>>>> 
> 
>>>>> Raw Audit Message
> 
>>>>> 
> 
>>>>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:
> 
>>>>> denied
> 
>>>>> 
> 
>>>>> { getattr } for pid=21354 comm="unix_update" name="/"
>>>>> dev=sda5
> 
>>>>> 
> 
>>>>> ino=2 scontext=system_u:system_r:updpwd_t:s0
> 
>>>>> 
> 
>>>>> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
> 
>>>>> 
> 
>>>>> 
> 
>> Probably has to do with the way the mount table is setup on this
> 
>> machine versus other machines.
> 
> 
> Now I've just noticed some other SElinux problems on this machine.
> 
> 
> 
> Unusual System Events
> 
> =-=-=-=-=-=-=-=-=-=-=
> 
> Sep 24 13:25:24 garryowen ssh: 
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same 
> specifications for /home/[^/]*/.+.
> 
> Sep 24 13:25:24 garryowen ssh: 
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same 
> specifications for /home/[^/]*/.virtinst(/.*)?.
> 
> 
> .....
> 
> 
> 
> Now some time ago I moved some test mail accounts on this machine
> from /users to /home and ran genhomedircon.
> 
> 
> There is a file in /etc/selinux/targeted/contexts/files/ called 
> file_contexts.homedirs, generated by genhomedircon, which contains 
> context information for /home.
> 
> 
> Could this multiple definitions be the root cause of the problem
> 
> 
> Should I remove this file and autorelabel the entire filesystem
> again.
> 
> 
> Thanks,
> 
> 
> Tony
> 
> 
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux


No
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6DQbQACgkQrlYvE4MpobPAvgCcCCEhB1N2ce1LCaStIc7vE6KZ
lMAAnjtwrA+4FDguLnTsyFwZZ9YmrKes
=tT5S
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux