Re: SELinux is preventing access to files with the label, file_t.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> --- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> 
> Antonio Olivares wrote:
>>>> --- Andrew Farris <lordmorgul@xxxxxxxxx> wrote:
>>>>
>>>>> Antonio Olivares wrote:
>>>>>>>> SELinux is preventing access to files with the
>>>>>>> label,
>>>>>>>> file_t.
>>>>>>> Is this file being created from a virtual
>>>>> machine? 
>>>>>>> How is this file
>>>>>>> getting there?
>>>>> In my case it is definitely not a virtual machine
>>>>> (I'm not running any on that 
>>>>> box), but I'm seeing the same thing happen with a
>>>>> variety of files in /tmp. 
>>>>> They all seem to be session data files of some
> type.
>>>>> I have hundreds of denials that happened with
>>>>> gconfd-2 a few days ago (socket 
>>>>> files in tmp mostly).  Now I see many of these
>>>>> accesses prevented to file_t.
>>>>>
>>>>> Files such as:
>>>>> ./keyring-vaxTjg
>>>>> /tmp/fahcore-iolock.txt  <- I'm running folding
> at
>>>>> home, it is doing that
>>>>> ./kdecache-lordmorgul
>>>>> /tmp/pulse-lordmorgul/pid
>>>>> /tmp/banshee-NDesk.DBus.Bus.txt
>>>>> /tmp/gnome-system-monitor.lordmorgul.777456431
>>>>> ./virtual-lordmorgul.4FvBXq
>>>>> ./.esd-500
>>>>> ./fah
>>>>> ./virtual-lordmorgul.xxxxx/
>>>>>
>>>>> And more.  These are all accesses denied to
>>>>> /usr/sbin/tmpwatch, files (normal 
>>>>> and sockets) and directories all labeled file_t.
>>>>>
>>>>> This list is about a third of the denials I've
> seen
>>>>> pop up just this morning. 
>>>>> I've seen this occurring for several days (if not
>>>>> more than a week) just have 
>>>>> not dealt with it yet.  The issue is probably not
> a
>>>>> very recent change.  I've 
>>>>> had several relabels, new kernels, and new policy
>>>>> while seeing this same issue, 
>>>>> many denials to /usr/bin/tmpwatch for file_t.
>>>>>
>>>>> -- 
>>>>> Andrew Farris <lordmorgul@xxxxxxxxx>
>>>>> www.lordmorgul.net
>>>>>   gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF
>>>>> 707E A2E0 F0F6 E622 C99B 1DF3
>>>>> No one now has, and no one will ever again get,
> the
>>>>> big picture. - Daniel Geer
>>>>> ----                                             
>   
>>>>>                       ----
>>>>>
>>>>> -- 
>>>>> fedora-test-list mailing list
>>>>> fedora-test-list@xxxxxxxxxx
>>>>> To unsubscribe: 
>>>>>
>> https://www.redhat.com/mailman/listinfo/fedora-test-list
>>>> Great to hear that Andrew, I thought I was the
> only
>>>> one experiencing this kind of denials with the
> file_t.
>>>>  I have done touch ./autorelabel; reboot several
> times
>>>> already and that is why I submit the
> setroubleshoot
>>>> complaints.  
>>>>
>>>> Regards,
>>>>
>>>> Antonio 
>>>>
>>>>
>>>>      
>> ____________________________________________________________________________________
>>>> Never miss a thing.  Make Yahoo your home page. 
>>>> http://www.yahoo.com/r/hs
>>>>
> Can you just delete these files from /tmp/
> 
> They may have been there before the relabel.
> 
> restorecon and fixfiles do not touch certain
> directories /tmp being one
> of them.
> 
>> Do I remove everything from /tmp/?
> 
>> Is there a nice script that can do the job?
> 
I use tmpfs for /tmp.  So mine dissapears every time I reboot.

rm -rf /tmp/*
rm -rf /tmp/.??*

Should get rid of almost everything.
>> Thanks,
> 
>> Antonio 
>>
- --
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
>>
> https://www.redhat.com/mailman/listinfo/fedora-test-list

>       ____________________________________________________________________________________
> Be a better friend, newshound, and 
> know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfNx+IACgkQrlYvE4MpobOA2QCgsdKRLP0QsnWvzP+7Uot8B3pB
f0UAoJsbiCUrQu1iNhyEQnfPK0KBqYHe
=qB22
-----END PGP SIGNATURE-----

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux