Summary
SELinux is preventing /usr/bin/updatedb (locate_t) "search" to / (dosfs_t).
Detailed Description
SELinux denied access requested by /usr/bin/updatedb. It is not expected
that this access is required by /usr/bin/updatedb and this access may signal
an intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /, restorecon -v / If this does
not work, there is currently no automatic way to allow this access. Instead,
you can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:locate_t
Target Context system_u:object_r:dosfs_t
Target Objects / [ dir ]
Affected RPM Packages mlocate-0.16-1 [application]filesystem-2.4.6-1.fc7
[target]
Policy RPM selinux-policy-2.6.1-1.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.21-1.3116.fc7 #1
SMP Thu Apr 26 10:36:44 EDT 2007 i686 athlon
Alert Count 2
First Seen Wed 02 May 2007 02:24:50 PM PDT
Last Seen Sun 13 May 2007 10:23:40 PM PDT
Local ID 6e0c127c-8364-4122-ad26-27684542b5e0
Line Numbers
Raw Audit Messages
avc: denied { search } for comm="updatedb" dev=sda6 egid=0 euid=0
exe="/usr/bin/updatedb" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=7589
scontext=system_u:system_r:locate_t:s0 sgid=0 subj=system_u:system_r:locate_t:s0
suid=0 tclass=dir tcontext=system_u:object_r:dosfs_t:s0 tty=(none) uid=0
---------------------------------------------------------------------
Summary
SELinux is preventing /sbin/dhcdbd (dhcpc_t) "read" to /etc/dbus-1/system.d
(dbusd_etc_t).
Detailed Description
SELinux denied access requested by /sbin/dhcdbd. It is not expected that
this access is required by /sbin/dhcdbd and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /etc/dbus-1/system.d, restorecon
-v /etc/dbus-1/system.d If this does not work, there is currently no
automatic way to allow this access. Instead, you can generate a local
policy module to allow this access - see http://fedora.redhat.com/docs
/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection
altogether. Disabling SELinux protection is not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:dhcpc_t
Target Context system_u:object_r:dbusd_etc_t
Target Objects /etc/dbus-1/system.d [ dir ]
Affected RPM Packages dhcdbd-2.7-4.fc7 [application]dbus-1.0.2-4.fc7
[target]
Policy RPM selinux-policy-2.6.1-1.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.21-1.3116.fc7 #1
SMP Thu Apr 26 10:36:44 EDT 2007 i686 athlon
Alert Count 1
First Seen Sun 13 May 2007 09:59:39 PM PDT
Last Seen Sun 13 May 2007 09:59:39 PM PDT
Local ID 82e7ce83-8b5c-40c5-906e-2873db2c0c18
Line Numbers
Raw Audit Messages
avc: denied { read } for comm="dhcdbd" dev=sda5 egid=81 euid=81
exe="/sbin/dhcdbd" exit=0 fsgid=81 fsuid=81 gid=81 items=0 name="system.d"
path="/etc/dbus-1/system.d" pid=5960 scontext=system_u:system_r:dhcpc_t:s0
sgid=81 subj=system_u:system_r:dhcpc_t:s0 suid=81 tclass=dir
tcontext=system_u:object_r:dbusd_etc_t:s0 tty=(none) uid=81
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
