| Summary: | SELinux is preventing /usr/bin/rm from 'unlink' accesses on the file /etc/prelink.cache. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dario Castellarin <req1348> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:a1eb7ac95f9934360795b166127d50a8ebbf7ebaf8b19c063b890e119e630d66 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-12-02 22:16:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Run restorecon /etc/prelink.cache No idea how it got mislabeled. |
Description of problem: Not sure, I was watching a Youtube video... SELinux is preventing /usr/bin/rm from 'unlink' accesses on the file /etc/prelink.cache. ***** Plugin restorecon (94.8 confidence) suggests ************************ If si desidera sistemare l'etichetta. L'etichetta predefinita di /etc/prelink.cache dovrebbe essere prelink_cache_t. Then è possibile avviare restorecon. Do # /sbin/restorecon -v /etc/prelink.cache ***** Plugin catchall_labels (5.21 confidence) suggests ******************* If you want to allow rm to have unlink access on the prelink.cache file Then e' necessario modificare l'etichetta su /etc/prelink.cache Do # semanage fcontext -a -t TIPO_FILE '/etc/prelink.cache' dove TIPO_FILE è uno dei seguenti: prelink_cache_t, prelink_log_t, prelink_var_lib_t, systemd_passwd_var_run_t. Quindi eseguire: restorecon -v '/etc/prelink.cache' ***** Plugin catchall (1.44 confidence) suggests ************************** If si crede che rm dovrebbe avere possibilità di accesso unlink sui prelink.cache file in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep rm /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:prelink_cron_system_t:s0-s0:c0.c 1023 Target Context unconfined_u:object_r:etc_t:s0 Target Objects /etc/prelink.cache [ file ] Source rm Source Path /usr/bin/rm Port <Unknown> Host (removed) Source RPM Packages coreutils-8.21-18.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-105.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.10-300.fc20.x86_64 #1 SMP Fri Nov 29 19:16:48 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-12-01 19:33:08 CET Last Seen 2013-12-01 19:33:08 CET Local ID 16aa6c5c-0029-48f5-bf6f-f97460d550c2 Raw Audit Messages type=AVC msg=audit(1385922788.523:763): avc: denied { unlink } for pid=9052 comm="rm" name="prelink.cache" dev="sda6" ino=2886794 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file type=SYSCALL msg=audit(1385922788.523:763): arch=x86_64 syscall=unlinkat success=no exit=EACCES a0=ffffffffffffff9c a1=20ed0c0 a2=0 a3=100 items=0 ppid=9049 pid=9052 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=3 tty=(none) comm=rm exe=/usr/bin/rm subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null) Hash: rm,prelink_cron_system_t,etc_t,file,unlink Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.10-300.fc20.x86_64 type: libreport Potential duplicate: bug 896308