-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Antonio Olivares wrote: > --- Andrew Farris <lordmorgul@xxxxxxxxx> wrote: > >> Antonio Olivares wrote: >>>>> SELinux is preventing access to files with the >>>> label, >>>>> file_t. >>>> Is this file being created from a virtual >> machine? >>>> How is this file >>>> getting there? >> In my case it is definitely not a virtual machine >> (I'm not running any on that >> box), but I'm seeing the same thing happen with a >> variety of files in /tmp. >> They all seem to be session data files of some type. >> >> I have hundreds of denials that happened with >> gconfd-2 a few days ago (socket >> files in tmp mostly). Now I see many of these >> accesses prevented to file_t. >> >> Files such as: >> ./keyring-vaxTjg >> /tmp/fahcore-iolock.txt <- I'm running folding at >> home, it is doing that >> ./kdecache-lordmorgul >> /tmp/pulse-lordmorgul/pid >> /tmp/banshee-NDesk.DBus.Bus.txt >> /tmp/gnome-system-monitor.lordmorgul.777456431 >> ./virtual-lordmorgul.4FvBXq >> ./.esd-500 >> ./fah >> ./virtual-lordmorgul.xxxxx/ >> >> And more. These are all accesses denied to >> /usr/sbin/tmpwatch, files (normal >> and sockets) and directories all labeled file_t. >> >> This list is about a third of the denials I've seen >> pop up just this morning. >> I've seen this occurring for several days (if not >> more than a week) just have >> not dealt with it yet. The issue is probably not a >> very recent change. I've >> had several relabels, new kernels, and new policy >> while seeing this same issue, >> many denials to /usr/bin/tmpwatch for file_t. >> >> -- >> Andrew Farris <lordmorgul@xxxxxxxxx> >> www.lordmorgul.net >> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF >> 707E A2E0 F0F6 E622 C99B 1DF3 >> No one now has, and no one will ever again get, the >> big picture. - Daniel Geer >> ---- >> ---- >> >> -- >> fedora-test-list mailing list >> fedora-test-list@xxxxxxxxxx >> To unsubscribe: >> > https://www.redhat.com/mailman/listinfo/fedora-test-list > > Great to hear that Andrew, I thought I was the only > one experiencing this kind of denials with the file_t. > I have done touch ./autorelabel; reboot several times > already and that is why I submit the setroubleshoot > complaints. > > Regards, > > Antonio > > > ____________________________________________________________________________________ > Never miss a thing. Make Yahoo your home page. > http://www.yahoo.com/r/hs > Can you just delete these files from /tmp/ They may have been there before the relabel. restorecon and fixfiles do not touch certain directories /tmp being one of them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfNu4MACgkQrlYvE4MpobObeQCgnNaaSY23kdHIRx9BWsLHe+YX PrcAn3AZslkmVE/YB6VKH1x1Aupr/xAF =ntpr -----END PGP SIGNATURE----- -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
