-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrew Farris wrote: > Andrew Farris wrote: >> I have hundreds of denials that happened with gconfd-2 a few days ago >> (socket files in tmp mostly). Now I see many of these accesses >> prevented to file_t. >> >> Files such as: >> ./keyring-vaxTjg >> /tmp/fahcore-iolock.txt <- I'm running folding at home, it is doing that >> ./kdecache-lordmorgul >> /tmp/pulse-lordmorgul/pid >> /tmp/banshee-NDesk.DBus.Bus.txt >> /tmp/gnome-system-monitor.lordmorgul.777456431 >> ./virtual-lordmorgul.4FvBXq >> ./.esd-500 >> ./fah >> ./virtual-lordmorgul.xxxxx/ >> >> And more. These are all accesses denied to /usr/sbin/tmpwatch, files >> (normal and sockets) and directories all labeled file_t. > > Most of these are older files and directories as well. Is autorelabel > *not* clearing out tmp when it labels? I wonder if it is failing to > apply any label to these at that time? > Yes autorelabel does not touch /tmp, you have to remove them manually. I am wondering if I should allow tmpwatch to handle file_t. > Andrew Farris <lordmorgul@xxxxxxxxx> www.lordmorgul.net > gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B > 1DF3 > No one now has, and no one will ever again get, the big picture. - > Daniel Geer > ---- > ---- > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfNuw8ACgkQrlYvE4MpobNoFQCeIYPo7bitw8NrJ1+8ces32LEt 3fIAn0soX3eWgWVyGw+LdjBELj1Vy5b9 =hRDa -----END PGP SIGNATURE----- -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
