Re: unlabeled_t types for files

Hi Stephen,

Here is the AVC message from the audit logs:

type=AVC msg=audit(1350688637.763:50803): avc:  denied  { relabelfrom }
for  pid=32717 comm="mount" scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1350688637.763:50803): arch=c000003e syscall=165
success=yes exit=0 a0=7facda9323f0 a1=7facda9322f0 a2=7facda932410
a3=ffffffffc0ed0000 items=1 ppid=32716 pid=32717 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="mount" exe="/bin/mount"
subj=system_u:system_r:mount_t:s0 key=(null)
type=CWD msg=audit(1350688637.763:50803):  cwd="/"
type=PATH msg=audit(1350688637.763:50803): item=0
name="/var/log/ramfs/cm/trace/ccm/sdi" inode=3154284 dev=08:02 mode=040755
ouid=513 ogid=506 rdev=00:00 obj=system_u:object_r:var_log_t:s0


Thanks,
Anamitra



On 10/18/12 10:59 AM, "Stephen Smalley" <sds@xxxxxxxxxxxxx> wrote:

>On 10/18/2012 01:08 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>> We have been recently seeing some denials related to one of our files in
>> ramfs
>>
>> The audit2allow shows as follows
>>
>> allow mount_t unlabeled_t:filesystem relabelfrom;
>> Our product is based on RHEL6. We did not see this in the RHEL5
>> version of our product.
>>
>> Why would there be files of type unlabeled_t on the system with the
>> move to RHEL6?
>
>Note that the class was "filesystem", not "file".  So this is a denial
>upon an attempt to mount a filesystem with a context= or fscontext=
>mount option.  The fact that it was originally unlabeled_t means that
>the policy had no entry for the filesystem type in its fs_use or
>genfs_contexts configuration.  You should have gotten another message
>from SELinux (with a SELinux: prefix) when it was first mounted about it
>not being configured for labeling.
>
>
>
>--
>selinux mailing list
>selinux@xxxxxxxxxxxxxxxxxxxxxxx
>https://admin.fedoraproject.org/mailman/listinfo/selinux
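
Added example, not part of the original thread: a small triage script that separates the case described in the quoted reply (an unlabeled_t denial with tclass=filesystem, raised at mount time) from denials on unlabeled objects inside a filesystem. The function names and the record with serial 50900 are constructed for illustration; the other two records are the AVC and PATH lines from the message above with their line wraps joined.

```python
import re

# AVC and PATH records from the message above (line wraps joined), plus one
# constructed tclass=file event (serial 50900) for contrast.
SAMPLE = """\
type=AVC msg=audit(1350688637.763:50803): avc:  denied  { relabelfrom } for  pid=32717 comm="mount" scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=PATH msg=audit(1350688637.763:50803): item=0 name="/var/log/ramfs/cm/trace/ccm/sdi" inode=3154284 dev=08:02 mode=040755 ouid=513 ogid=506 rdev=00:00 obj=system_u:object_r:var_log_t:s0
type=AVC msg=audit(1350688700.100:50900): avc:  denied  { read } for  pid=100 comm="cat" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
"""

EVENT = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]*) \}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(text):
    """Group audit records by their timestamp:serial event id."""
    events = {}
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            events.setdefault(event_id, {})[rtype] = body
    return events


def triage_unlabeled(text):
    """Return one finding per AVC denial whose target type is unlabeled_t."""
    findings = []
    for event_id, records in parse_events(text).items():
        body = records.get("AVC")
        perms = AVC.search(body) if body else None
        if not perms:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if f.get("tcontext", "").split(":")[2:3] != ["unlabeled_t"]:
            continue
        path = dict(FIELD.findall(records.get("PATH", ""))).get("name", "").strip('"')
        # tclass=filesystem: the denial is on the mounted filesystem itself
        # (mount-time labeling), not on an unlabeled file inside it.
        kind = "mount" if f["tclass"] == "filesystem" else "object"
        findings.append({"event": event_id, "kind": kind, "perms": perms.group(1).split(),
                         "source": f["scontext"].split(":")[2], "path": path or None})
    return findings
```

A finding with kind "mount" points at the filesystem type's labeling configuration (fs_use or genfs_contexts), while kind "object" points at individual unlabeled files.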
