Bug 474771
| Summary: | (staff_u) SELinux is preventing the nautilus from using potentially mislabeled files (./.X11-unix). | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> |
| Component: | nautilus | Assignee: | Tomáš Bžatek <tbzatek> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 10 | CC: | mcepl, tbzatek, tsmetana |
| Target Milestone: | --- | Keywords: | SELinux |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-12-22 09:24:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 477278 *** |
Souhrn: SELinux is preventing the nautilus from using potentially mislabeled files (./.X11-unix). Podrobný popis: SELinux has denied nautilus access to potentially mislabeled file(s) (./.X11-unix). This means that SELinux will not allow nautilus to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Povolení přístupu: If you want nautilus to access this files, you need to relabel them using restorecon -v './.X11-unix'. You might want to relabel the entire directory using restorecon -R -v './.X11-unix'. Další informace: Kontext zdroje staff_u:staff_r:staff_t:SystemLow-SystemHigh Kontext cíle system_u:object_r:xdm_xserver_tmp_t Objekty cíle ./.X11-unix [ dir ] Zdroj nautilus Cesta zdroje /usr/bin/nautilus Port <Neznámé> Počítač viklef RPM balíčky zdroje nautilus-2.24.1-3.fc10 RPM balíčky cíle RPM politiky selinux-policy-3.5.13-26.fc10 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Enforcing Název zásuvného modulu home_tmp_bad_labels Název počítače viklef Platforma Linux viklef 2.6.27.7-130.fc10.i686 #1 SMP Thu Nov 27 02:35:17 EST 2008 i686 i686 Počet upozornění 1 Poprvé viděno Pá 5. prosinec 2008, 11:29:47 CET Naposledy viděno Pá 5. prosinec 2008, 11:29:47 CET Místní ID 71a76cff-3428-4c23-be95-13e82a8adb48 Čísla řádků Původní zprávy auditu node=viklef type=AVC msg=audit(1228472987.703:157): avc: denied { write } for pid=4544 comm="nautilus" name=".X11-unix" dev=tmpfs ino=12138 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_xserver_tmp_t:s0 tclass=dir node=viklef type=SYSCALL msg=audit(1228472987.703:157): arch=40000003 syscall=33 success=no exit=-13 a0=b0796ca0 a1=2 a2=c8b25c a3=30cf6b9 items=0 ppid=2919 pid=4544 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=2 comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null) ----- just for the sake of completness: [matej@viklef ~]$ ls -ldZ /tmp/.X11-unix/ drwxrwxrwt root root system_u:object_r:xdm_xserver_tmp_t /tmp/.X11-unix/ [matej@viklef ~]$