Bug 361161

Summary: can't restorecon
Product: [Fedora] Fedora
Reporter: Bill Nottingham <notting>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: rvokal
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2007-11-06 16:42:51 UTC

Description Bill Nottingham 2007-11-01 01:31:31 UTC
Description of problem:

Summary
    SELinux is preventing the restorecon from using potentially mislabeled files
    (<Unknown>).

Detailed Description
    SELinux has denied restorecon access to potentially mislabeled file(s)
    (<Unknown>).  This means that SELinux will not allow restorecon to use these
    files.  It is common for users to edit files in their home directory or tmp
    directories and then move (mv) them to system directories.  The problem is
    that the files end up with the wrong file context which confined
    applications are not allowed to access.

Allowing Access
    If you want restorecon to access this files, you need to relabel them using
    restorecon -v <Unknown>.  You might want to relabel the entire directory
    using restorecon -R -v <Unknown>.

Additional Information        

Source Context                system_u:system_r:setfiles_t:s0
Target Context                root:object_r:sysadm_home_t:s0
Target Objects                None [ chr_file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.0.8-42.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.home_tmp_bad_labels
Host Name                     nostromo.devel.redhat.com
Platform                      Linux nostromo.devel.redhat.com
                              2.6.23.1-35.wl.3.fc8 #1 SMP Mon Oct 29 12:41:10
                              EDT 2007 x86_64 x86_64
Alert Count                   25
First Seen                    Wed 24 Oct 2007 12:02:58 AM EDT
Last Seen                     Wed 31 Oct 2007 09:23:27 PM EDT
Local ID                      de6e7df7-7eaf-4e50-b8e4-360c91b5d132
Line Numbers                  

Raw Audit Messages            

avc: denied { relabelto } for comm=restorecon dev=sda2 name=tty7 pid=6352
scontext=system_u:system_r:setfiles_t:s0 tclass=chr_file
tcontext=root:object_r:sysadm_home_t:s0

Version-Release number of selected component (if applicable):

selinux-policy-targeted-3.0.8-42.fc8

Comment 1 Daniel Walsh 2007-11-05 20:44:23 UTC
You have a chr_file in your /root directory and the system will not allow you to
relabel it.  Why do you have a chr_file there?



Comment 2 Bill Nottingham 2007-11-06 00:38:20 UTC
IIRC, it came out of a tar file, was investigating something unrelated.

Comment 3 Daniel Walsh 2007-11-06 16:42:51 UTC
So remove it and it is done.
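
Added example, not part of the bug report or of any SELinux tool: a small Python parser for the raw AVC message quoted in the description, which splits the source and target contexts and flags the case discussed in this thread (restorecon denied `relabelto` on a device node whose requested type is a home-directory type). The function names and the `_home_t` suffix heuristic are assumptions of this example.

```python
import re

# The raw audit message quoted in the bug description, joined onto one line.
SAMPLE_AVC = (
    "avc: denied { relabelto } for comm=restorecon dev=sda2 name=tty7 pid=6352 "
    "scontext=system_u:system_r:setfiles_t:s0 tclass=chr_file "
    "tcontext=root:object_r:sysadm_home_t:s0"
)

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
DEVICE_CLASSES = {"chr_file", "blk_file"}


def split_context(ctx):
    """Split user:role:type[:level]; the level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a security context: {ctx!r}")
    return dict(zip(("user", "role", "type", "level"), parts))


def parse_avc(line):
    """Return the fields of one AVC message as a dict, or None if not AVC."""
    # Collapse line wraps first; values containing spaces are not handled.
    m = AVC_RE.search(" ".join(line.split()))
    if not m:
        return None
    fields = {}
    for token in m.group(3).split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value.strip('"')
    rec = {"result": m.group(1), "perms": set(m.group(2).split()), **fields}
    for key in ("scontext", "tcontext"):
        if key in rec:
            rec[key] = split_context(rec[key])
    return rec


def stray_device_relabel(rec):
    """Heuristic (assumption of this example): a denied relabel of a device
    node whose requested type is a home-directory type."""
    return (
        rec is not None
        and rec["result"] == "denied"
        and bool(rec["perms"] & {"relabelto", "relabelfrom"})
        and rec.get("tclass") in DEVICE_CLASSES
        and rec.get("tcontext", {}).get("type", "").endswith("_home_t")
    )
```

A record flagged this way points at a device node sitting in a home directory, which is the situation identified in Comment 1.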