Bug 440012
Summary: | SELinux is preventing access to files with the label, file_t. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> |
Component: | pulseaudio | Assignee: | Lennart Poettering <lpoetter> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dwalsh, lkundrak, mcepl, pierre-bugzilla |
Target Milestone: | --- | Keywords: | SELinux |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2008-04-04 20:15:51 UTC | Type: | --- |
Description
Matěj Cepl
2008-04-01 11:25:41 UTC
And one more:

Souhrn:

SELinux is preventing access to files with the label, file_t.

Podrobný popis:

SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire files system.

Povolení přístupu:

You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot"

Další informace:

Kontext zdroje             system_u:system_r:xdm_t:SystemLow-SystemHigh
Kontext cíle               system_u:object_r:file_t
Objekty cíle               ./pid [ file ]
Zdroj                      pulseaudio
Cesta zdroje               /usr/bin/pulseaudio
Port                       <Neznámé>
Počítač                    viklef.ceplovi.cz
RPM balíčky zdroje         pulseaudio-0.9.10-1.fc9
RPM balíčky cíle
RPM politiky               selinux-policy-3.3.1-26.fc9
Selinux povolen            True
Typ politiky               targeted
MLS povoleno               True
Vynucovací režim           Enforcing
Název zásuvného modulu     file
Název počítače             viklef.ceplovi.cz
Platforma                  Linux viklef.ceplovi.cz 2.6.25-0.163.rc7.git1.fc9.i686 #1 SMP Thu Mar 27 09:56:04 EDT 2008 i686 i686
Počet uporoznění           1
Poprvé viděno              Út 1. duben 2008, 11:13:19 CEST
Naposledy viděno           Út 1. duben 2008, 11:13:19 CEST
Místní ID                  1ac32fac-fc6b-44af-9ed7-b23d25d3964c
Čísla řádků

Původní zprávy auditu

host=viklef.ceplovi.cz type=AVC msg=audit(1207041199.679:4349): avc: denied { read write } for pid=12266 comm="pulseaudio" name="pid" dev=dm-0 ino=6733720 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file

host=viklef.ceplovi.cz type=SYSCALL msg=audit(1207041199.679:4349): arch=40000003 syscall=5 success=no exit=-13 a0=bf84c324 a1=28142 a2=180 a3=28142 items=0 ppid=12259 pid=12266 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

I am not sure what the first dump has to do with PA? Also, this sounds like a SELinux policy error to me?

This is a labeling problem, not sure how it was created. It has nothing to do with pulseaudio. A relabel of the file system and a clearing out of /tmp should fix.
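
The triage applied in this report, as an added example that is not part of the bug report or of any SELinux tool: it pairs AVC and SYSCALL records by audit event serial and marks a denial whose target type is file_t as a relabeling problem rather than a fault in the calling program. The function and field names, the unlabeled_t entry and the third sample record are assumptions made for the example.

```python
import re

# file_t is the type named in this report; unlabeled_t is added here as an
# assumption (the kernel's type for contexts it cannot interpret).
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

EVENT_RE = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r"\{ ([^}]*) \}")

# The first two records are the ones quoted in the report; the third is constructed.
SAMPLE = [
    'host=viklef.ceplovi.cz type=AVC msg=audit(1207041199.679:4349): avc: denied { read write } for pid=12266 comm="pulseaudio" name="pid" dev=dm-0 ino=6733720 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file',
    'host=viklef.ceplovi.cz type=SYSCALL msg=audit(1207041199.679:4349): arch=40000003 syscall=5 success=no exit=-13 a0=bf84c324 a1=28142 a2=180 a3=28142 items=0 ppid=12259 pid=12266 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)',
    'type=AVC msg=audit(1207041200.000:4350): avc: denied { read } for pid=1 comm="example" name="example.conf" dev=dm-0 ino=1 scontext=system_u:system_r:xdm_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file',
]

def triage(lines):
    """Pair AVC and SYSCALL records by event serial and classify each denial."""
    events = {}
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            # Parse only the text after the msg=audit(...) header.
            fields = {k: v.strip('"') for k, v in KV_RE.findall(line[m.end():])}
            fields["perms"] = " ".join(PERMS_RE.findall(line)).split()
            events.setdefault(m.group(2), {})[m.group(1)] = fields
    findings = []
    for serial, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if avc is None:
            continue
        ttype = avc["tcontext"].split(":")[2]  # user:role:type[:level]
        findings.append({
            "serial": serial,
            "exe": sc.get("exe", avc.get("comm")),
            "source_type": avc["scontext"].split(":")[2],
            "target_type": ttype,
            "object": avc.get("name"),
            "perms": avc["perms"],
            # An unlabeled target points at the filesystem, not at the caller.
            "verdict": "relabel" if ttype in UNLABELED_TYPES else "investigate",
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```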