--- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Antonio Olivares wrote: > > --- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > > > Antonio Olivares wrote: > >>>> --- Andrew Farris <lordmorgul@xxxxxxxxx> wrote: > >>>> > >>>>> Antonio Olivares wrote: > >>>>>>>> SELinux is preventing access to files with > the > >>>>>>> label, > >>>>>>>> file_t. > >>>>>>> Is this file being created from a virtual > >>>>> machine? > >>>>>>> How is this file > >>>>>>> getting there? > >>>>> In my case it is definitely not a virtual > machine > >>>>> (I'm not running any on that > >>>>> box), but I'm seeing the same thing happen > with a > >>>>> variety of files in /tmp. > >>>>> They all seem to be session data files of some > > type. > >>>>> I have hundreds of denials that happened with > >>>>> gconfd-2 a few days ago (socket > >>>>> files in tmp mostly). Now I see many of these > >>>>> accesses prevented to file_t. > >>>>> > >>>>> Files such as: > >>>>> ./keyring-vaxTjg > >>>>> /tmp/fahcore-iolock.txt <- I'm running > folding > > at > >>>>> home, it is doing that > >>>>> ./kdecache-lordmorgul > >>>>> /tmp/pulse-lordmorgul/pid > >>>>> /tmp/banshee-NDesk.DBus.Bus.txt > >>>>> /tmp/gnome-system-monitor.lordmorgul.777456431 > >>>>> ./virtual-lordmorgul.4FvBXq > >>>>> ./.esd-500 > >>>>> ./fah > >>>>> ./virtual-lordmorgul.xxxxx/ > >>>>> > >>>>> And more. These are all accesses denied to > >>>>> /usr/sbin/tmpwatch, files (normal > >>>>> and sockets) and directories all labeled > file_t. > >>>>> > >>>>> This list is about a third of the denials I've > > seen > >>>>> pop up just this morning. > >>>>> I've seen this occurring for several days (if > not > >>>>> more than a week) just have > >>>>> not dealt with it yet. The issue is probably > not > > a > >>>>> very recent change. I've > >>>>> had several relabels, new kernels, and new > policy > >>>>> while seeing this same issue, > >>>>> many denials to /usr/bin/tmpwatch for file_t. > >>>>> > >>>>> -- > >>>>> Andrew Farris <lordmorgul@xxxxxxxxx> > >>>>> www.lordmorgul.net > >>>>> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 > 40DF > >>>>> 707E A2E0 F0F6 E622 C99B 1DF3 > >>>>> No one now has, and no one will ever again > get, > > the > >>>>> big picture. - Daniel Geer > >>>>> ---- > > > > >>>>> ---- > >>>>> > >>>>> -- > >>>>> fedora-test-list mailing list > >>>>> fedora-test-list@xxxxxxxxxx > >>>>> To unsubscribe: > >>>>> > >> > https://www.redhat.com/mailman/listinfo/fedora-test-list > >>>> Great to hear that Andrew, I thought I was the > > only > >>>> one experiencing this kind of denials with the > > file_t. > >>>> I have done touch ./autorelabel; reboot > several > > times > >>>> already and that is why I submit the > > setroubleshoot > >>>> complaints. > >>>> > >>>> Regards, > >>>> > >>>> Antonio > >>>> > >>>> > >>>> > >> > ____________________________________________________________________________________ > >>>> Never miss a thing. Make Yahoo your home page. > > >>>> http://www.yahoo.com/r/hs > >>>> > > Can you just delete these files from /tmp/ > > > > They may have been there before the relabel. > > > > restorecon and fixfiles do not touch certain > > directories /tmp being one > > of them. > > > >> Do I remove everything from /tmp/? > > > >> Is there a nice script that can do the job? > > > I use tmpfs for /tmp. So mine dissapears every time > I reboot. > > rm -rf /tmp/* > rm -rf /tmp/.??* > > Should get rid of almost everything. > >> Thanks, > > Before I do that, there are some weird files [olivares@localhost ~]$ ls /tmp/ -l total 348 drwx------ 2 gdm gdm 4096 2008-03-04 10:49 gconfd-gdm drwx------ 3 olivares olivares 4096 2008-03-04 11:04 gconfd-olivares drwx------ 2 root root 4096 2008-03-04 15:13 gconfd-root drwxr-xr-x 2 olivares olivares 4096 2008-03-04 15:12 hsperfdata_olivares srwx------ 1 olivares olivares 0 2007-05-30 17:15 jpsock.160_01.3063 drwx------ 2 olivares olivares 4096 2008-03-04 11:04 keyring-3YpHWB drwx------ 2 olivares olivares 4096 2007-08-21 17:50 keyring-98YPsV drwx------ 2 student student 4096 2007-10-04 07:44 keyring-9cnsqN drwx------ 2 olivares olivares 4096 2008-01-07 10:31 keyring-gATNwh drwx------ 2 olivares olivares 4096 2007-04-30 09:16 keyring-nvojTj drwx------ 2 olivares olivares 4096 2008-03-04 12:55 ksocket-olivares7bWMhJ srwxrwxr-x 1 olivares olivares 0 2008-01-21 14:34 mapping-olivares srwxr-xr-x 1 root root 0 2008-01-11 07:25 mapping-root srwxrwxr-x 1 student student 0 2007-12-05 19:27 mapping-student drwx------ 2 olivares olivares 4096 2008-03-04 16:10 orbit-olivares drwx------ 2 root root 4096 2008-03-04 15:13 orbit-root srwxr-xr-x 1 root root 0 2007-12-04 08:11 OSL_PIPE_0_2bd020fe1587dc999ece75f37f2ff4053b66fda170866d8b66cc89b9ad618d drwx------ 2 olivares olivares 4096 2008-03-04 11:04 pulse-olivares srwxrwxr-x 1 olivares olivares 0 2007-12-04 07:32 sound-juicer.olivares.2013114191 drwx------ 2 olivares olivares 4096 2008-03-04 11:04 ssh-AeyUZg2591 drwx------ 2 olivares olivares 4096 2008-02-25 06:41 virtual-olivares.0IrJXJ drwx------ 2 olivares olivares 4096 2008-02-25 20:04 virtual-olivares.0IsbF2 drwx------ 2 olivares olivares 4096 2007-12-17 19:43 virtual-olivares.1dNZIJ drwx------ 2 olivares olivares 4096 2008-03-03 15:57 virtual-olivares.60DrNY drwx------ 2 olivares olivares 4096 2008-02-28 07:05 virtual-olivares.7Eg67N drwx------ 2 olivares olivares 4096 2008-03-04 11:04 virtual-olivares.7S43Ml drwx------ 2 olivares olivares 4096 2008-02-29 08:42 virtual-olivares.BbWGxV drwx------ 2 olivares olivares 4096 2008-02-27 13:01 virtual-olivares.cRrDgh drwx------ 2 olivares olivares 4096 2008-02-28 08:46 virtual-olivares.DErTwi drwx------ 2 olivares olivares 4096 2008-02-29 07:13 virtual-olivares.FsTki9 drwx------ 2 olivares olivares 4096 2008-02-26 06:54 virtual-olivares.G2sbHC drwx------ 2 olivares olivares 4096 2008-02-25 06:42 virtual-olivares.glOezL drwx------ 2 olivares olivares 4096 2008-02-27 13:00 virtual-olivares.hkTtsA drwx------ 2 olivares olivares 4096 2008-02-25 07:22 virtual-olivares.JraxKG drwx------ 2 olivares olivares 4096 2008-03-03 19:52 virtual-olivares.JZpc0I drwx------ 2 olivares olivares 4096 2008-02-23 13:06 virtual-olivares.OmUC1A drwx------ 2 olivares olivares 4096 2008-02-28 13:57 virtual-olivares.oSpn4q drwx------ 2 olivares olivares 4096 2007-12-18 06:49 virtual-olivares.p28akz drwx------ 2 olivares olivares 4096 2008-02-23 13:07 virtual-olivares.RhlZSn drwx------ 2 olivares olivares 4096 2008-02-28 06:44 virtual-olivares.s23xtq drwx------ 2 olivares olivares 4096 2008-03-04 08:16 virtual-olivares.s7oLmz drwx------ 2 olivares olivares 4096 2008-02-25 20:08 virtual-olivares.v3OWZp drwx------ 2 olivares olivares 4096 2008-03-03 07:40 virtual-olivares.vqBGWb drwx------ 2 olivares olivares 4096 2008-03-04 08:20 virtual-olivares.VV5Brr drwx------ 2 olivares olivares 4096 2008-02-25 07:23 virtual-olivares.wIcOer drwx------ 2 olivares olivares 4096 2008-02-28 07:06 virtual-olivares.WRWIoq drwx------ 2 olivares olivares 4096 2007-12-14 19:20 virtual-olivares.y45zjf drwx------ 2 olivares olivares 4096 2008-02-25 07:24 virtual-olivares.ytSiIX Are these files important? How do I use tmpfs for /tmp ? I have heard of it, but never understood how it work(s)(ed) Regards, Antonio ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
