Bug 396221

Summary:	RPM system files improperly labelled as "unconfined_u"
Product:	[Fedora] Fedora	Reporter:	Need Real Name <bugzilla>
Component:	selinux-policy-targeted	Assignee:	Daniel Walsh <dwalsh>
Status:	CLOSED NOTABUG	QA Contact:	Ben Levenson <benl>
Severity:	low	Docs Contact:
Priority:	low
Version:	8
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2007-11-26 16:06:49 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Need Real Name 2007-11-23 02:26:52 UTC

The following files in my fresh F8 install seem to be labeled unconfined_u,
which I assume is not right. Not sure what to do about it but wanted to point it
out at least... (I'm not really clear what the purpose of unconfined_u is but it
seems to be similar to unlabeled since I get it when untarring files stored
without extended attributes)

/etc/selinux/targeted/modules/active/modules/unconfined.pp
/etc/news/.bash_history (this is created if you ever login as user news)
/etc/sgml/sgml-docbook-3.0-1.0-32.fc8.cat
/etc/sgml/sgml-docbook-3.1-1.0-32.fc8.cat
/etc/sgml/xml-docbook-4.4-1.0-32.fc8.cat
/etc/sgml/sgml-docbook-4.4-1.0-32.fc8.cat
/etc/sgml/sgml-docbook-4.3-1.0-32.fc8.cat
/etc/sgml/xml-docbook-4.2-1.0-32.fc8.cat
/etc/sgml/sgml-docbook-4.5-1.0-32.fc8.cat
/etc/sgml/xml-docbook-4.1.2-1.0-32.fc8.cat
/etc/sgml/xml-docbook-4.5-1.0-32.fc8.cat
/etc/sgml/sgml-docbook-4.1-1.0-32.fc8.cat
/etc/sgml/sgml-docbook-4.2-1.0-32.fc8.cat
/etc/sgml/sgml-docbook-4.0-1.0-32.fc8.cat
/etc/sgml/xml-docbook-4.3-1.0-32.fc8.cat
/etc/rc.d/rc4.d/S64mysqld
/etc/rc.d/rc4.d/S95innd
/etc/rc.d/rc4.d/S78spamassassin
/etc/rc.d/rc4.d/S85httpd
/etc/rc.d/rc4.d/S90lircd
/etc/rc.d/rc4.d/K14mythbackend
/etc/rc.d/rc4.d/K21spamass-milter
/etc/rc.d/rc3.d/S64mysqld
/etc/rc.d/rc3.d/S95innd
/etc/rc.d/rc3.d/S78spamassassin
/etc/rc.d/rc3.d/S85httpd
/etc/rc.d/rc3.d/S90lircd
/etc/rc.d/rc3.d/K14mythbackend
/etc/rc.d/rc3.d/K21spamass-milter
/etc/rc.d/rc1.d/K15httpd
/etc/rc.d/rc1.d/K05innd
/etc/rc.d/rc1.d/K30spamassassin
/etc/rc.d/rc1.d/K14mythbackend
/etc/rc.d/rc1.d/K21spamass-milter
/etc/rc.d/init.d/linksysmon
/etc/rc.d/rc6.d/S64mysqld
/etc/rc.d/rc6.d/K15httpd
/etc/rc.d/rc6.d/K05innd
/etc/rc.d/rc6.d/K30spamassassin
/etc/rc.d/rc6.d/K14mythbackend
/etc/rc.d/rc6.d/K21spamass-milter
/etc/rc.d/rc2.d/K15httpd
/etc/rc.d/rc2.d/K05innd
/etc/rc.d/rc2.d/K30spamassassin
/etc/rc.d/rc2.d/K14mythbackend
/etc/rc.d/rc2.d/K21spamass-milter
/etc/rc.d/rc5.d/S64mysqld
/etc/rc.d/rc5.d/S95innd
/etc/rc.d/rc5.d/S78spamassassin
/etc/rc.d/rc5.d/S85httpd
/etc/rc.d/rc5.d/S90lircd
/etc/rc.d/rc5.d/K14mythbackend
/etc/rc.d/rc5.d/K21spamass-milter
/etc/rc.d/rc0.d/K15httpd
/etc/rc.d/rc0.d/K05innd
/etc/rc.d/rc0.d/K30spamassassin
/etc/rc.d/rc0.d/K14mythbackend
/etc/rc.d/rc0.d/K21spamass-milter

/usr/share/mythtv
/usr/share/applications/mimeinfo.cache

/usr/share/mime/.... 
[532 files - i.e. just about everything in /usr/share/mime with a few exceptions]

/usr/share/texmf-var/ls-R
/usr/share/doc/selinux-policy-3.0.8/html/system_unconfined.html
/usr/share/selinux/targeted/unconfined.pp
/usr/share/texmf/tex/latex209
/usr/share/texmf/tex/generic/bbdb
/usr/share/texmf/ls-R
/usr/share/texmf/fonts/source/local

/usr/share/icons/hicolor/...
[179 files]

/usr/share/locale/sp
/usr/share/locale/sp/LC_MESSAGES
/usr/share/texmf-config/ls-R
/usr/bin/acroread
/usr/bin/rhythmbox
/usr/bin/vncserver
/usr/bin/valgrind
/usr/lib/perl5/site_perl/5.8.8/LocaleData
/usr/lib/perl5/site_perl/5.8.8/LocaleData/cs
/usr/lib/perl5/site_perl/5.8.8/LocaleData/cs/LC_MESSAGES
/usr/lib/perl5/site_perl/5.8.8/LocaleData/it
/usr/lib/perl5/site_perl/5.8.8/LocaleData/it/LC_MESSAGES
/usr/lib/perl5/site_perl/5.8.8/LocaleData/fr
/usr/lib/perl5/site_perl/5.8.8/LocaleData/fr/LC_MESSAGES
/usr/lib/perl5/site_perl/5.8.8/LocaleData/sr
/usr/lib/perl5/site_perl/5.8.8/LocaleData/sr/LC_MESSAGES
/usr/lib/perl5/site_perl/5.8.8/LocaleData/de
/usr/lib/perl5/site_perl/5.8.8/LocaleData/de/LC_MESSAGES
/usr/lib/perl5/site_perl/5.8.8/LocaleData/es
/usr/lib/perl5/site_perl/5.8.8/LocaleData/es/LC_MESSAGES
/usr/lib/perl5/site_perl/5.8.8/LocaleData/sr@Latn
/usr/lib/perl5/site_perl/5.8.8/LocaleData/sr@Latn/LC_MESSAGES
/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/linksysmon
/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/linksysmon/.packlist
/usr/lib/perl5/site_perl/5.8.8/linksysmon.pm
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod
/usr/lib/openoffice.org/program/soffice.bin
/usr/lib/openoffice.org/program/pkgchk.bin
/usr/lib/openoffice.org/program/gnome-open-url.bin
/usr/lib/openoffice.org/program/uno.bin
/usr/lib/openoffice.org/program/simpress.bin
/usr/lib/openoffice.org/program/swriter.bin
/usr/lib/openoffice.org/program/gengal.bin
/usr/lib/openoffice.org/program/sdraw.bin
/usr/lib/openoffice.org/program/scalc.bin
/usr/lib/openoffice.org/program/spadmin.bin
/usr/lib/openoffice.org/program/setofficelang.bin
/usr/lib/openoffice.org/program/unopkg.bin
/usr/lib/openoffice.org/program/pluginapp.bin
/usr/lib/openoffice.org/program/configimport.bin
/usr/lib/mythtv
/usr/lib/firefox-2.0.0.8/plugins/nppdf.so
/usr/lib/mozilla/plugins/nppdf.so
/usr/lib/qt-3.3/plugins/sqldrivers
/usr/lib/yum-plugins/protectbase.pyc
/usr/lib/yum-plugins/kernel-module.pyc
/usr/lib/yum-plugins/changelog.pyc
/usr/lib/yum-plugins/priorities.pyc
/usr/lib/yum-plugins/fedorakmod.pyc
/usr/lib/yum-plugins/tsflags.pyc
/usr/lib/yum-plugins/allowdowngrade.pyc
/usr/lib/yum-plugins/downloadonly.pyc
/usr/lib/yum-plugins/fastestmirror.pyc
/usr/lib/yum-plugins/skip-broken.pyc


/dev/shm/pulse-shm-1400444545
/dev/shm/pulse-shm-3640921646
/dev/pts/8
/dev/pts/6
/dev/pts/7
/dev/pts/2
/dev/pts/5
/dev/pts/4
/dev/pts/1
/dev/pts/3

/lib/modules/2.6.23.1-42.fc8/updates/drivers

/opt/Adobe/Reader8/Reader/GlobalPrefs/.config
/opt/Adobe/Reader8/Reader/intellinux/lib/libbonobo-activation.so
/opt/Adobe/Reader8/Reader/intellinux/lib/libORBit-2.so
/opt/Adobe/Reader8/Reader/intellinux/lib/libbonobo-2.so
/opt/Adobe/Reader8/Reader/intellinux/lib/libldap.so
/opt/Adobe/Reader8/Reader/intellinux/lib/liblber.so
/opt/Adobe/Reader8/Reader/intellinux/lib/libgnomespeech.so

/var/log/samba/log.127.0.0.1
/var/log/samba/log.192.168.1.100
/var/log/samba/old/log.mycomputer-20071118
/var/log/samba/old/log.smbd-20071118
/var/log/samba/log.100.old
/var/log/samba/log.mycomputer
/var/log/samba/cores
/var/log/samba/cores/smbd
/var/log/samba/log.smbd
/var/log/yum.log

/var/cache/...

/var/run/sudo/myname
/var/spool/mail/mythtv

/var/spool/news/tradspool.map
/var/spool/news/overview.... [many files]
/var/spool/news/articles... [many files]

/var/lib/samba/share_info.tdb
/var/lib/samba/gencache.tdb
/var/lib/samba/locking.tdb
/var/lib/samba/account_policy.tdb
/var/lib/samba/messages.tdb
/var/lib/samba/ntforms.tdb
/var/lib/samba/connections.tdb
/var/lib/samba/brlock.tdb
/var/lib/samba/sessionid.tdb
/var/lib/samba/notify.tdb
/var/lib/samba/ntdrivers.tdb
/var/lib/samba/scripts
/var/lib/samba/registry.tdb
/var/lib/samba/perfmon
/var/lib/samba/group_mapping.tdb
/var/lib/samba/ntprinters.tdb
/var/lib/samba/printing
/var/lib/samba/printing/printers.tdb
/var/lib/samba/winbindd_idmap.tdb

/var/lib/news/tmp/doex32626
/var/lib/news/suck/data/active-ignore

/var/lib/mysql/ib_logfile1
/var/lib/mysql/ib_logfile0
/var/lib/mysql/mysql... [many files]

/var/lib/mysql/test
/var/lib/mysql/mythconverg... [many files]

/var/lib/mysql/ibdata1

Comment 1 Daniel Walsh 2007-11-26 16:06:49 UTC

unfonfined_u is the SELinux user that created the files.  I would guess that you
logged into the machine an triggered a yum update from a unconfined_u user. (the
defau;t).

This is expected and is not a bug.  It should not cause you any problems.


A full relabel would set them back to the default context or a restorecon -F.