Re: SELinux is preventing access to files with the label, file_t.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> --- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Antonio Olivares wrote:
>>> --- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>>>
>>> Antonio Olivares wrote:
>>>>>> --- Andrew Farris <lordmorgul@xxxxxxxxx> wrote:
>>>>>>
>>>>>>> Antonio Olivares wrote:
>>>>>>>>>> SELinux is preventing access to files with
>> the
>>>>>>>>> label,
>>>>>>>>>> file_t.
>>>>>>>>> Is this file being created from a virtual
>>>>>>> machine? 
>>>>>>>>> How is this file
>>>>>>>>> getting there?
>>>>>>> In my case it is definitely not a virtual
>> machine
>>>>>>> (I'm not running any on that 
>>>>>>> box), but I'm seeing the same thing happen
>> with a
>>>>>>> variety of files in /tmp. 
>>>>>>> They all seem to be session data files of some
>>> type.
>>>>>>> I have hundreds of denials that happened with
>>>>>>> gconfd-2 a few days ago (socket 
>>>>>>> files in tmp mostly).  Now I see many of these
>>>>>>> accesses prevented to file_t.
>>>>>>>
>>>>>>> Files such as:
>>>>>>> ./keyring-vaxTjg
>>>>>>> /tmp/fahcore-iolock.txt  <- I'm running
>> folding
>>> at
>>>>>>> home, it is doing that
>>>>>>> ./kdecache-lordmorgul
>>>>>>> /tmp/pulse-lordmorgul/pid
>>>>>>> /tmp/banshee-NDesk.DBus.Bus.txt
>>>>>>> /tmp/gnome-system-monitor.lordmorgul.777456431
>>>>>>> ./virtual-lordmorgul.4FvBXq
>>>>>>> ./.esd-500
>>>>>>> ./fah
>>>>>>> ./virtual-lordmorgul.xxxxx/
>>>>>>>
>>>>>>> And more.  These are all accesses denied to
>>>>>>> /usr/sbin/tmpwatch, files (normal 
>>>>>>> and sockets) and directories all labeled
>> file_t.
>>>>>>> This list is about a third of the denials I've
>>> seen
>>>>>>> pop up just this morning. 
>>>>>>> I've seen this occurring for several days (if
>> not
>>>>>>> more than a week) just have 
>>>>>>> not dealt with it yet.  The issue is probably
>> not
>>> a
>>>>>>> very recent change.  I've 
>>>>>>> had several relabels, new kernels, and new
>> policy
>>>>>>> while seeing this same issue, 
>>>>>>> many denials to /usr/bin/tmpwatch for file_t.
>>>>>>>
>>>>>>> -- 
>>>>>>> Andrew Farris <lordmorgul@xxxxxxxxx>
>>>>>>> www.lordmorgul.net
>>>>>>>   gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27
>> 40DF
>>>>>>> 707E A2E0 F0F6 E622 C99B 1DF3
>>>>>>> No one now has, and no one will ever again
>> get,
>>> the
>>>>>>> big picture. - Daniel Geer
>>>>>>> ----                                          
>>   
>>>   
>>>>>>>                       ----
>>>>>>>
>>>>>>> -- 
>>>>>>> fedora-test-list mailing list
>>>>>>> fedora-test-list@xxxxxxxxxx
>>>>>>> To unsubscribe: 
>>>>>>>
> https://www.redhat.com/mailman/listinfo/fedora-test-list
>>>>>> Great to hear that Andrew, I thought I was the
>>> only
>>>>>> one experiencing this kind of denials with the
>>> file_t.
>>>>>>  I have done touch ./autorelabel; reboot
>> several
>>> times
>>>>>> already and that is why I submit the
>>> setroubleshoot
>>>>>> complaints.  
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Antonio 
>>>>>>
>>>>>>
>>>>>>      
> ____________________________________________________________________________________
>>>>>> Never miss a thing.  Make Yahoo your home page.
>>>>>> http://www.yahoo.com/r/hs
>>>>>>
>>> Can you just delete these files from /tmp/
>>>
>>> They may have been there before the relabel.
>>>
>>> restorecon and fixfiles do not touch certain
>>> directories /tmp being one
>>> of them.
>>>
>>>> Do I remove everything from /tmp/?
>>>> Is there a nice script that can do the job?
>> I use tmpfs for /tmp.  So mine dissapears every time
>> I reboot.
>>
>> rm -rf /tmp/*
>> rm -rf /tmp/.??*
>>
>> Should get rid of almost everything.
>>>> Thanks,
> 
> Before I do that, there are some weird files
> 
> [olivares@localhost ~]$ ls /tmp/ -l
> total 348
> drwx------ 2 gdm      gdm      4096 2008-03-04 10:49
> gconfd-gdm
> drwx------ 3 olivares olivares 4096 2008-03-04 11:04
> gconfd-olivares
> drwx------ 2 root     root     4096 2008-03-04 15:13
> gconfd-root
> drwxr-xr-x 2 olivares olivares 4096 2008-03-04 15:12
> hsperfdata_olivares
> srwx------ 1 olivares olivares    0 2007-05-30 17:15
> jpsock.160_01.3063
> drwx------ 2 olivares olivares 4096 2008-03-04 11:04
> keyring-3YpHWB
> drwx------ 2 olivares olivares 4096 2007-08-21 17:50
> keyring-98YPsV
> drwx------ 2 student  student  4096 2007-10-04 07:44
> keyring-9cnsqN
> drwx------ 2 olivares olivares 4096 2008-01-07 10:31
> keyring-gATNwh
> drwx------ 2 olivares olivares 4096 2007-04-30 09:16
> keyring-nvojTj
> drwx------ 2 olivares olivares 4096 2008-03-04 12:55
> ksocket-olivares7bWMhJ
> srwxrwxr-x 1 olivares olivares    0 2008-01-21 14:34
> mapping-olivares
> srwxr-xr-x 1 root     root        0 2008-01-11 07:25
> mapping-root
> srwxrwxr-x 1 student  student     0 2007-12-05 19:27
> mapping-student
> drwx------ 2 olivares olivares 4096 2008-03-04 16:10
> orbit-olivares
> drwx------ 2 root     root     4096 2008-03-04 15:13
> orbit-root
> srwxr-xr-x 1 root     root        0 2007-12-04 08:11
> OSL_PIPE_0_2bd020fe1587dc999ece75f37f2ff4053b66fda170866d8b66cc89b9ad618d
> drwx------ 2 olivares olivares 4096 2008-03-04 11:04
> pulse-olivares
> srwxrwxr-x 1 olivares olivares    0 2007-12-04 07:32
> sound-juicer.olivares.2013114191
> drwx------ 2 olivares olivares 4096 2008-03-04 11:04
> ssh-AeyUZg2591
> drwx------ 2 olivares olivares 4096 2008-02-25 06:41
> virtual-olivares.0IrJXJ
> drwx------ 2 olivares olivares 4096 2008-02-25 20:04
> virtual-olivares.0IsbF2
> drwx------ 2 olivares olivares 4096 2007-12-17 19:43
> virtual-olivares.1dNZIJ
> drwx------ 2 olivares olivares 4096 2008-03-03 15:57
> virtual-olivares.60DrNY
> drwx------ 2 olivares olivares 4096 2008-02-28 07:05
> virtual-olivares.7Eg67N
> drwx------ 2 olivares olivares 4096 2008-03-04 11:04
> virtual-olivares.7S43Ml
> drwx------ 2 olivares olivares 4096 2008-02-29 08:42
> virtual-olivares.BbWGxV
> drwx------ 2 olivares olivares 4096 2008-02-27 13:01
> virtual-olivares.cRrDgh
> drwx------ 2 olivares olivares 4096 2008-02-28 08:46
> virtual-olivares.DErTwi
> drwx------ 2 olivares olivares 4096 2008-02-29 07:13
> virtual-olivares.FsTki9
> drwx------ 2 olivares olivares 4096 2008-02-26 06:54
> virtual-olivares.G2sbHC
> drwx------ 2 olivares olivares 4096 2008-02-25 06:42
> virtual-olivares.glOezL
> drwx------ 2 olivares olivares 4096 2008-02-27 13:00
> virtual-olivares.hkTtsA
> drwx------ 2 olivares olivares 4096 2008-02-25 07:22
> virtual-olivares.JraxKG
> drwx------ 2 olivares olivares 4096 2008-03-03 19:52
> virtual-olivares.JZpc0I
> drwx------ 2 olivares olivares 4096 2008-02-23 13:06
> virtual-olivares.OmUC1A
> drwx------ 2 olivares olivares 4096 2008-02-28 13:57
> virtual-olivares.oSpn4q
> drwx------ 2 olivares olivares 4096 2007-12-18 06:49
> virtual-olivares.p28akz
> drwx------ 2 olivares olivares 4096 2008-02-23 13:07
> virtual-olivares.RhlZSn
> drwx------ 2 olivares olivares 4096 2008-02-28 06:44
> virtual-olivares.s23xtq
> drwx------ 2 olivares olivares 4096 2008-03-04 08:16
> virtual-olivares.s7oLmz
> drwx------ 2 olivares olivares 4096 2008-02-25 20:08
> virtual-olivares.v3OWZp
> drwx------ 2 olivares olivares 4096 2008-03-03 07:40
> virtual-olivares.vqBGWb
> drwx------ 2 olivares olivares 4096 2008-03-04 08:20
> virtual-olivares.VV5Brr
> drwx------ 2 olivares olivares 4096 2008-02-25 07:23
> virtual-olivares.wIcOer
> drwx------ 2 olivares olivares 4096 2008-02-28 07:06
> virtual-olivares.WRWIoq
> drwx------ 2 olivares olivares 4096 2007-12-14 19:20
> virtual-olivares.y45zjf
> drwx------ 2 olivares olivares 4096 2008-02-25 07:24
> virtual-olivares.ytSiIX
> 
> Are these files important?
>
Well you will probably need a reboot after you delete the files.  But if
they are in /tmp they should be temporary.

But if you just want to get rid of the file_t files

The following will print the names

# find /tmp -context "*:file_t*"

This command will delete.

# find /tmp -context "*:file_t*" -exec rm {} \; -print

> How do I use tmpfs for /tmp ?
> 
 grep /tmp /etc/fstab
tmpfs         /tmp	tmpfs   defaults        0 0

> I have heard of it, but never understood how it
> work(s)(ed)
> 
> Regards,
> 
> Antonio 
> 
> 
>       ____________________________________________________________________________________
> Be a better friend, newshound, and 
> know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfNzxsACgkQrlYvE4MpobNC+wCg4spMpvob1UebOeGsElD/XbQO
0xYAoKNHtwOxm1XbURTri4NCaq2OWVdi
=+YKN
-----END PGP SIGNATURE-----

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux