--- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Antonio Olivares wrote: > > --- Andrew Farris <lordmorgul@xxxxxxxxx> wrote: > > > >> Antonio Olivares wrote: > >>>>> SELinux is preventing access to files with the > >>>> label, > >>>>> file_t. > >>>> Is this file being created from a virtual > >> machine? > >>>> How is this file > >>>> getting there? > >> In my case it is definitely not a virtual machine > >> (I'm not running any on that > >> box), but I'm seeing the same thing happen with a > >> variety of files in /tmp. > >> They all seem to be session data files of some > type. > >> > >> I have hundreds of denials that happened with > >> gconfd-2 a few days ago (socket > >> files in tmp mostly). Now I see many of these > >> accesses prevented to file_t. > >> > >> Files such as: > >> ./keyring-vaxTjg > >> /tmp/fahcore-iolock.txt <- I'm running folding > at > >> home, it is doing that > >> ./kdecache-lordmorgul > >> /tmp/pulse-lordmorgul/pid > >> /tmp/banshee-NDesk.DBus.Bus.txt > >> /tmp/gnome-system-monitor.lordmorgul.777456431 > >> ./virtual-lordmorgul.4FvBXq > >> ./.esd-500 > >> ./fah > >> ./virtual-lordmorgul.xxxxx/ > >> > >> And more. These are all accesses denied to > >> /usr/sbin/tmpwatch, files (normal > >> and sockets) and directories all labeled file_t. > >> > >> This list is about a third of the denials I've > seen > >> pop up just this morning. > >> I've seen this occurring for several days (if not > >> more than a week) just have > >> not dealt with it yet. The issue is probably not > a > >> very recent change. I've > >> had several relabels, new kernels, and new policy > >> while seeing this same issue, > >> many denials to /usr/bin/tmpwatch for file_t. > >> > >> -- > >> Andrew Farris <lordmorgul@xxxxxxxxx> > >> www.lordmorgul.net > >> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF > >> 707E A2E0 F0F6 E622 C99B 1DF3 > >> No one now has, and no one will ever again get, > the > >> big picture. - Daniel Geer > >> ---- > > >> ---- > >> > >> -- > >> fedora-test-list mailing list > >> fedora-test-list@xxxxxxxxxx > >> To unsubscribe: > >> > > > https://www.redhat.com/mailman/listinfo/fedora-test-list > > > > Great to hear that Andrew, I thought I was the > only > > one experiencing this kind of denials with the > file_t. > > I have done touch ./autorelabel; reboot several > times > > already and that is why I submit the > setroubleshoot > > complaints. > > > > Regards, > > > > Antonio > > > > > > > ____________________________________________________________________________________ > > Never miss a thing. Make Yahoo your home page. > > http://www.yahoo.com/r/hs > > > Can you just delete these files from /tmp/ > > They may have been there before the relabel. > > restorecon and fixfiles do not touch certain > directories /tmp being one > of them. Do I remove everything from /tmp/? Is there a nice script that can do the job? Thanks, Antonio > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (GNU/Linux) > Comment: Using GnuPG with Fedora - > http://enigmail.mozdev.org > > iEYEARECAAYFAkfNu4MACgkQrlYvE4MpobObeQCgnNaaSY23kdHIRx9BWsLHe+YX > PrcAn3AZslkmVE/YB6VKH1x1Aupr/xAF > =ntpr > -----END PGP SIGNATURE----- > > -- > fedora-test-list mailing list > fedora-test-list@xxxxxxxxxx > To unsubscribe: > https://www.redhat.com/mailman/listinfo/fedora-test-list > ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
