Bug 441035
| Summary: | tmpwatcher complaints | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Need Real Name <lsof> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | jkubin |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-04-06 09:56:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
You have a mislabeled file out on /tmp. Some how this file got there with out a label, you should either remove the file or label it using chcon -t tmp_t /tmp/virtual-user* Then surely the bug is that the file was not labelled? There is also a file put there by seahorse. Was the file put there by seahorce mislabeled? Was this an upgraded machine from a machine that was not running SELinux? Relabeling of a machine does not effect the contents of /tmp, So in some cases garbage remains from when the system had SELinux turned on. These files have to be handled manually. We used to just delete the contents of /tmp, but this was considered too dangerous. You should not see newly created files with the label of file_t. I will give tmpreaper/tmpwatch the ability to delete these files. Yes it was from an upgrade, but dont worry about changing tmpwatch it sounds racey. No it just gives the ability fro tmpwatch to handle mislabeled/unlabeled files in /tmp. |
host=box type=AVC msg=audit(1207396183.24:1069): avc: denied { setattr } for pid=19533 comm="tmpwatch" name="virtual-usr.vCdbou" dev=sda2 ino=19136723 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir host=box type=SYSCALL msg=audit(1207396183.24:1069): arch=40000003 syscall=30 success=yes exit=0 a0=804ac62 a1=bfb7a5e4 a2=0 a3=8fdf5a8 items=0 ppid=19531 pid=19533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)