--- Andrew Farris <lordmorgul@xxxxxxxxx> wrote: > Antonio Olivares wrote: > >>> SELinux is preventing access to files with the > >> label, > >>> file_t. > > >> Is this file being created from a virtual > machine? > >> How is this file > >> getting there? > > In my case it is definitely not a virtual machine > (I'm not running any on that > box), but I'm seeing the same thing happen with a > variety of files in /tmp. > They all seem to be session data files of some type. > > I have hundreds of denials that happened with > gconfd-2 a few days ago (socket > files in tmp mostly). Now I see many of these > accesses prevented to file_t. > > Files such as: > ./keyring-vaxTjg > /tmp/fahcore-iolock.txt <- I'm running folding at > home, it is doing that > ./kdecache-lordmorgul > /tmp/pulse-lordmorgul/pid > /tmp/banshee-NDesk.DBus.Bus.txt > /tmp/gnome-system-monitor.lordmorgul.777456431 > ./virtual-lordmorgul.4FvBXq > ./.esd-500 > ./fah > ./virtual-lordmorgul.xxxxx/ > > And more. These are all accesses denied to > /usr/sbin/tmpwatch, files (normal > and sockets) and directories all labeled file_t. > > This list is about a third of the denials I've seen > pop up just this morning. > I've seen this occurring for several days (if not > more than a week) just have > not dealt with it yet. The issue is probably not a > very recent change. I've > had several relabels, new kernels, and new policy > while seeing this same issue, > many denials to /usr/bin/tmpwatch for file_t. > > -- > Andrew Farris <lordmorgul@xxxxxxxxx> > www.lordmorgul.net > gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF > 707E A2E0 F0F6 E622 C99B 1DF3 > No one now has, and no one will ever again get, the > big picture. - Daniel Geer > ---- > ---- > > -- > fedora-test-list mailing list > fedora-test-list@xxxxxxxxxx > To unsubscribe: > https://www.redhat.com/mailman/listinfo/fedora-test-list > Great to hear that Andrew, I thought I was the only one experiencing this kind of denials with the file_t. I have done touch ./autorelabel; reboot several times already and that is why I submit the setroubleshoot complaints. Regards, Antonio ____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
