-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Antonio Olivares wrote: > --- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > Antonio Olivares wrote: >>>> --- Andrew Farris <lordmorgul@xxxxxxxxx> wrote: >>>> >>>>> Antonio Olivares wrote: >>>>>>>> SELinux is preventing access to files with the >>>>>>> label, >>>>>>>> file_t. >>>>>>> Is this file being created from a virtual >>>>> machine? >>>>>>> How is this file >>>>>>> getting there? >>>>> In my case it is definitely not a virtual machine >>>>> (I'm not running any on that >>>>> box), but I'm seeing the same thing happen with a >>>>> variety of files in /tmp. >>>>> They all seem to be session data files of some > type. >>>>> I have hundreds of denials that happened with >>>>> gconfd-2 a few days ago (socket >>>>> files in tmp mostly). Now I see many of these >>>>> accesses prevented to file_t. >>>>> >>>>> Files such as: >>>>> ./keyring-vaxTjg >>>>> /tmp/fahcore-iolock.txt <- I'm running folding > at >>>>> home, it is doing that >>>>> ./kdecache-lordmorgul >>>>> /tmp/pulse-lordmorgul/pid >>>>> /tmp/banshee-NDesk.DBus.Bus.txt >>>>> /tmp/gnome-system-monitor.lordmorgul.777456431 >>>>> ./virtual-lordmorgul.4FvBXq >>>>> ./.esd-500 >>>>> ./fah >>>>> ./virtual-lordmorgul.xxxxx/ >>>>> >>>>> And more. These are all accesses denied to >>>>> /usr/sbin/tmpwatch, files (normal >>>>> and sockets) and directories all labeled file_t. >>>>> >>>>> This list is about a third of the denials I've > seen >>>>> pop up just this morning. >>>>> I've seen this occurring for several days (if not >>>>> more than a week) just have >>>>> not dealt with it yet. The issue is probably not > a >>>>> very recent change. I've >>>>> had several relabels, new kernels, and new policy >>>>> while seeing this same issue, >>>>> many denials to /usr/bin/tmpwatch for file_t. >>>>> >>>>> -- >>>>> Andrew Farris <lordmorgul@xxxxxxxxx> >>>>> www.lordmorgul.net >>>>> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF >>>>> 707E A2E0 F0F6 E622 C99B 1DF3 >>>>> No one now has, and no one will ever again get, > the >>>>> big picture. - Daniel Geer >>>>> ---- > >>>>> ---- >>>>> >>>>> -- >>>>> fedora-test-list mailing list >>>>> fedora-test-list@xxxxxxxxxx >>>>> To unsubscribe: >>>>> >> https://www.redhat.com/mailman/listinfo/fedora-test-list >>>> Great to hear that Andrew, I thought I was the > only >>>> one experiencing this kind of denials with the > file_t. >>>> I have done touch ./autorelabel; reboot several > times >>>> already and that is why I submit the > setroubleshoot >>>> complaints. >>>> >>>> Regards, >>>> >>>> Antonio >>>> >>>> >>>> >> ____________________________________________________________________________________ >>>> Never miss a thing. Make Yahoo your home page. >>>> http://www.yahoo.com/r/hs >>>> > Can you just delete these files from /tmp/ > > They may have been there before the relabel. > > restorecon and fixfiles do not touch certain > directories /tmp being one > of them. > >> Do I remove everything from /tmp/? > >> Is there a nice script that can do the job? > I use tmpfs for /tmp. So mine dissapears every time I reboot. rm -rf /tmp/* rm -rf /tmp/.??* Should get rid of almost everything. >> Thanks, > >> Antonio >> - -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: >> > https://www.redhat.com/mailman/listinfo/fedora-test-list > ____________________________________________________________________________________ > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfNx+IACgkQrlYvE4MpobOA2QCgsdKRLP0QsnWvzP+7Uot8B3pB f0UAoJsbiCUrQu1iNhyEQnfPK0KBqYHe =qB22 -----END PGP SIGNATURE----- -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
