Bug 475985
Summary: | seLinux prevents copy to /tmp/... | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bob Horrobin <bob> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | low |
Version: | 9 | CC: | bob, dwalsh, jkubin, kernel-maint, mgrepl, misikeszi, quintela |
Hardware: | x86_64 | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2009-02-27 08:54:38 UTC |
Description
Bob Horrobin
2008-12-11 13:00:49 UTC
Somehow you have an unlabeled_t file on /bin.

    sudo restorecon -R -v /bin

Should fix.

Thanks for the prompt reply. su -c "restorecon -R -v /bin" has no effect as no files are reset.

What file system are you using?

    ls -lZ /tmp/dazukofs_test

I get no response from that command!

    [bobhorrobin@ciro04 ~]$ ls -lZ /tmp/dazukofs_test
    [bobhorrobin@ciro04 ~]$

A sample from the original 'cp' errors is as follows (this might give you a clue):

    cp: cannot create regular file `/tmp/dazukofs_test/ypdomainname': Permission denied
    cp: cannot create regular file `/tmp/dazukofs_test/zcat': Permission denied

I don't know if this helps as I am not sure what you mean by file system but it does show the details of the empty dazukofs_test directory.

    ls -lZ /tmp
    -rw------- bobhorrobin bobhorrobin unconfined_u:object_r:user_tmp_t:s0 1ENWLU.tmp
    drwxrwxr-x bobhorrobin bobhorrobin system_u:object_r:unlabeled_t:s0 dazukofs_test
    drwx------ bobhorrobin bobhorrobin unconfined_u:object_r:user_tmp_t:s0 gconfd-bobhorrobin
    drwx------ gdm gdm system_u:object_r:xdm_tmp_t:s0 gconfd-gdm
    ......

I have now got this to work but it does not explain the problem.

- I created a new directory /tmp/xx
- Repeated my original cp command but to the new directory /tmp/xx
- Removed the old directory /tmp/dazukofs_test
- Renamed the old directory /tmp/xx to /tmp/dazukofs_test

The only difference in the sequence of commands is that I had originally mounted to /tmp/dazukofs_test directory before I did the copy. This would imply that the problem is associated with dazukofs or some interaction with dazukofs and SELinux.

    mount -t dazukofs /tmp/dazukofs_test /tmp/dazukofs_test

Unless you wish to pursue this I suggest that we close it. I have achieved my objective. Thanks for your help.

What is dazukofs? The problem is SELinux has no idea what this file system is so it labels it unlabeled_t. Is this a file system that supports Extended Attributes?

DazukoFS is a stackable filesystem that provides a mechanism for userspace applications to perform online file access control. It was originally developed to support online virus scanners, but could be useful for any application that wishes to perform online file access control. This will replace Dazuko which is required to run antivirus applications such as avast, avira, clam or avg. Ref: http://dazuko.dnsalias.org/wiki/index.php/Main_Page

This is about all that I know. I hope that with SELinux, common sense and a good firewall much of this is unnecessary. I can't find anything that will answer your questions directly. My interest is that if I want anti-virus software I also need dazuko for it to work. As Dazuko will not work with kernel 2.6.27.. I thought that I would get ahead of the game with Dazukofs. It does not look as if they are close yet.

Ok, we are going to temporarily label it as nfs_t, which will allow the operation you described above to work. eparis is working on solutions for this file system and encryptfs to be able to handle these problems in the future, better.
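The diagnosis this thread arrives at, as an added example that is not part of the original bug report or anyone's comment in it: find entries labelled unlabeled_t in `ls -lZ` output and check whether each one is itself a mount point, which is the case restorecon could not fix here. The sample listing and mount table are constructed from the lines quoted in the thread, and the device name and function names are assumptions.

```python
import re

# Constructed sample data modelled on the thread: `ls -lZ /tmp` lines and
# /proc/mounts-style lines for the dazukofs mount (device name is made up).
LS_Z = """\
-rw------- bobhorrobin bobhorrobin unconfined_u:object_r:user_tmp_t:s0 1ENWLU.tmp
drwxrwxr-x bobhorrobin bobhorrobin system_u:object_r:unlabeled_t:s0 dazukofs_test
"""
MOUNTS = """\
/dev/mapper/vg-root / ext3 rw 0 0
/tmp/dazukofs_test /tmp/dazukofs_test dazukofs rw 0 0
"""

# user:role:type:level, where the level may itself contain colons (MCS/MLS).
CONTEXT = re.compile(r"^[^:\s]+:[^:\s]+:([^:\s]+):\S+$")

def parse_ls_z(text, parent):
    """Yield (path, selinux_type) per line of old-style `ls -lZ` output."""
    for line in text.splitlines():
        fields = line.split(None, 4)      # mode, user, group, context, name
        match = CONTEXT.match(fields[3]) if len(fields) == 5 else None
        if match:
            yield parent.rstrip("/") + "/" + fields[4], match.group(1)

def parse_mounts(text):
    """Map mount point -> filesystem type; later entries shadow earlier ones."""
    rows = (line.split() for line in text.splitlines())
    return {r[1]: r[2] for r in rows if len(r) >= 3}

def owning_mount(path, mounts):
    """Return (mount point, fstype) of the longest mount point containing path."""
    best = "/"
    for mp in mounts:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best, mounts.get(best)

def triage(ls_text, parent, mounts_text):
    """List unlabeled_t entries and whether the label comes from a mount."""
    mounts = parse_mounts(mounts_text)
    findings = []
    for path, setype in parse_ls_z(ls_text, parent):
        if setype == "unlabeled_t":
            mount_point, fstype = owning_mount(path, mounts)
            # "mount": the entry is a mount point, so the label is the mounted filesystem's.
            origin = "mount" if mount_point == path else "file"
            findings.append((path, fstype, origin))
    return findings
```

On the constructed input, `triage(LS_Z, "/tmp", MOUNTS)` reports /tmp/dazukofs_test with filesystem type dazukofs and origin "mount", matching the thread's conclusion that the label came from the mounted filesystem.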