Re: Selinux labelling problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A thing I just tried: if I run "setfiles -n" it gives me the wrong
labels for the files:
setfiles -nd /etc/selinux/targeted/contexts/files/file_contexts
'/var/lib/xenstored'
setfiles:  /var/lib/xenstored matched by
unconfined_u:object_r:unconfined_home_dir_t:s0
setfiles:  /var/lib/xenstored/tdb matched by
unconfined_u:object_r:unconfined_home_t:s0
filespec_eval:  hash table stats: 2 elements, 2/65536 buckets used,
longest chain length 1

In /etc/selinux/targeted/contexts/files/file_contexts I have the
following two entries for that directory:
/var/lib/xenstored(/.*)?        system_u:object_r:xenstored_var_lib_t:s0
/var/run/xenstored(/.*)?        system_u:object_r:xenstored_var_run_t:s0

It sounds like it's not matching the entries in the file...

Here is the AVC message related to xenstored, but I have many others!

type=AVC msg=audit(1204647044.542:940): avc:  denied  { unlink } for
pid=2322 comm="xenstored" name="tdb" dev=sda8 ino=704271
scontext=system_u:system_r:xenstored_t:s0
tcontext=system_u:object_r:unconfined_home_dir_t:s0 tclass=file
type=SYSCALL msg=audit(1204647044.542:940): arch=c000003e syscall=82
success=yes exit=0 a0=815480 a1=613780 a2=613796 a3=40da82 items=0
ppid=1 pid=2322 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="xenstored" exe="/usr/sbin/xenstored"
subj=system_u:system_r:xenstored_t:s0 key=(null)

Thanks for your help.

Best regards,
	Alberto Ferrante

|> > during the last days I have been experiencing some strange problems
on a
|> > pre-production server (planned to become a production one this
week...).
|> > I am running xen with two virtual hosts. The problem is in the real
host
|> > where something with selinux seems to have gone bad. I started having
|> > selinux blocking different file accesses from different services. I
|> > tried a full relabeling (the problems started after the last targeted
|> > policy update made by yum) but it did not work. It seems like
restorecon
|> > always assigns the unconfined_u:object_r:unconfined_home_t label to all
|> > the files. I am using the targeted policy. Please give advices on
how to
|> > solve this problem.
|> >
| Please attach the AVC messages from the audit.log.  What directory is
| labeled unconfined_home_t?

- --
Home page: http://www.alari.ch/people/alberto/personal
Flickr gallery: http://www.flickr.com/photos/albertof
Public key: http://www.alari.ch/people/alberto/pubkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iQIcBAEBCAAGBQJHzXVaAAoJEGwAj6ArCn4kuEcP/A7r+oohJhumGvK2uPuDg5jl
f/IeLI/TZszd98T7bK0AOIXu/TsDA6rZgaj30561kqGdYfc4xFRIX6hmlDm9cw58
NkKnTnIDiFdUuzTLWyU8hVpT1yKyfMLhxL/tH7T8f2Xq9g2ZX7l1bF6PtqTeHV0G
e3yHFXPhgWBbjKTt763CccpCYzaDp4bd6zGrGcal0k/pzxETnEO8a4jup4mrbuZf
JRK7xlIuOzS9UmLmoHTKTbhddzXyXPZlkDnrwFUEReawfoms/i2NU5dfGU1dkspC
L0bH+J08Ma4AS2y0EvSMJUTWl/cIHXwunE+o4g/47Vhc2podP2oKu5AstWUomiuS
d/3gQdMaquCEK8zOAQDDYBB46nsVHfSqCqqqw9HjVkLdKKj/vAs85Lu5XLMy4HP5
duGDN0kW4rsseKkTK5b41s83Par9WMB3OvV8yyXlEmhLwyCOekcqqepPKw/StkXf
k+nTWhJmqsYSrM0Yxup2ccKnHel3w/uhECCOlHMzhYymEsBV1wvDkOI2Biuml5Zf
PJQJrCnOVa2414ssz01d05oIfCO9dXGoAa47wz4ju5kGOKdQpY8FaRx/P00C+c7d
K4Nmy2/tVgAiBQcQlZCnMGmLEQTNxvbL3CroIHZ12Pzfw+0qlstK4UGbKteL/gkR
0gmgyGO/0hRdkh6XppgU
=zByb
-----END PGP SIGNATURE-----


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux