Re: SELinux denial - F12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/27/2009 07:20 AM, Kurian Thayil wrote:
> Hi,
> 
> Installed F12 and did a security update. Now, I get SELinux denial error. 
> SELinux currently in permissive mode.
> 
> Summary:
> 
> SELinux is preventing access to files with the label, file_t.
> 
> Detailed Description:
> 
> SELinux permission checks on files labeled file_t are being denied. file_t is
> the context the SELinux kernel gives to files that do not have a label. This
> indicates a serious labeling problem. No files on an SELinux box should ever be
> labeled file_t. If you have just added a new disk drive to the system you can
> relabel it using the restorecon command. Otherwise you should relabel the 
> entire
> file system.
> 
> Allowing Access:
> 
> You can execute the following command as root to relabel your computer system:
> "touch /.autorelabel; reboot"
> 
> Additional Information:
> 
> Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:file_t:s0
> Target Objects                /home [ dir ]
> Source                        gdm-simple-gree
> Source Path                   /usr/libexec/gdm-simple-greeter
> Port                          <Unknown>
> Host                          home-desktop
> Source RPM Packages           gdm-2.28.1-24.fc12
> Target RPM Packages           filesystem-2.4.30-2.fc12
> Policy RPM                    selinux-policy-3.6.32-41.fc12
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   file
> Host Name                     home-desktop
> Platform                      Linux home-desktop 2.6.31.5-127.fc12.i686.PAE #1
>                               SMP Sat Nov 7 21:25:57 EST 2009 i686 i686
> Alert Count                   1
> First Seen                    Thu 24 Dec 2009 02:30:08 AM IST
> Last Seen                     Thu 24 Dec 2009 02:30:08 AM IST
> Local ID                      6b1ff85c-05fe-4d37-945b-6cd2d54b92fa
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=home-desktop type=AVC msg=audit(1261602008.595:11510): avc:  denied  { 
> search } for  pid=1357 comm="gdm-simple-gree" name="/" dev=sda2 ino=2 
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> 
> node=home-desktop type=SYSCALL msg=audit(1261602008.595:11510): arch=40000003 
> syscall=292 success=no exit=-13 a0=12 a1=8d6f400 a2=1002fce a3=8d6ec48 items=0 
> ppid=1325 pid=1357 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42 
> egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295 comm="gdm-simple-gree" 
> exe="/usr/libexec/gdm-simple-greeter" subj=system_u:system_r:xdm_t:s0-
> s0:c0.c1023 key=(null)
> 
> Any idea why this happened after the update? What could be done to prevent 
> this. I am quite a newbie in SELinux scenario. Does, restorecon command fix 
> (restorecon /usr/libexec/gdm-simple-greeter)?

Files in your homedir are mis-labelled.  The easiest way to fix it is to

> You can execute the following command as root to relabel your computer system:
> "touch /.autorelabel; reboot"

Andrew.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux