Bug 239722
| Summary: | SELinux is preventing /usr/bin/updatedb (locate_t) "search" to / (dosfs_t | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | M. A. MacLain <mgml> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dwalsh |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-09-12 17:00:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in selinux-policy-2.6.4-1.fc7 ALready fixed in rawhide |
Description of problem: SummarySELinux is preventing /usr/bin/updatedb (locate_t) "search" to / (dosfs_t).Detailed DescriptionSELinux denied access requested by /usr/bin/updatedb. It is not expected that this access is required by /usr/bin/updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.Allowing AccessSometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /, restorecon -v / If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.Additional InformationSource Context: system_u:system_r:locate_tTarget Context: system_u:object_r:dosfs_tTarget Objects: / [ dir ]Affected RPM Packages: mlocate-0.16-1 [application]filesystem-2.4.6-1.fc7 [target]Policy RPM: selinux-policy-2.6.1-1.fc7Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: plugins.catchall_fileHost Name: dhcppc0Platform: Linux dhcppc0 2.6.21-1.3116.fc7 #1 SMP Thu Apr 26 10:36:44 EDT 2007 i686 i686Alert Count: 0First Seen: Thu 10 May 2007 01:08:21 PM EDTLast Seen: Thu 10 May 2007 01:08:21 PM EDTLocal ID: fd4e5874-ce95-4416-9ae4-03083d5be3ccLine Numbers: Raw Audit Messages :avc: denied { search } for comm="updatedb" dev=sda6 egid=0 euid=0 exe="/usr/bin/updatedb" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=4420 scontext=system_u:system_r:locate_t:s0 sgid=0 subj=system_u:system_r:locate_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:dosfs_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: