Bug 524160
| Summary: | setroubleshoot: SELinux is preventing the SetroubleshootF from using potentially mislabeled files (root). | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | hectorconhache <hectorconhache> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | dwalsh, jkubin, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:0614716d49b73c64d8886011c0000da5b3b9e3827a3245b2614806c9fc26891c | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-09-18 11:49:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I was only update the system with yum update Please yum update to the latest policy which has a fix for this. |
The following was filed automatically by setroubleshoot: Summary: SELinux is preventing the SetroubleshootF from using potentially mislabeled files (root). Detailed Description: SELinux has denied SetroubleshootF access to potentially mislabeled file(s) (root). This means that SELinux will not allow SetroubleshootF to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want SetroubleshootF to access this files, you need to relabel them using restorecon -v 'root'. You might want to relabel the entire directory using restorecon -R -v 'root'. Additional Information: Source Context system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0. c1023 Target Context system_u:object_r:admin_home_t:s0 Target Objects root [ dir ] Source SetroubleshootF Source Path /usr/bin/python Port <Unknown> Host (removed) Source RPM Packages python-2.6.2-1.fc12 Target RPM Packages filesystem-2.4.27-1.fc12 Policy RPM selinux-policy-3.6.26-8.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name (removed) Platform Linux (removed) 2.6.31-0.125.4.2.rc5.git2.fc12.i686 #1 SMP Tue Aug 11 21:20:05 EDT 2009 i686 i686 Alert Count 1 First Seen Fri 18 Sep 2009 02:23:06 AM CDT Last Seen Fri 18 Sep 2009 02:23:06 AM CDT Local ID a55a4801-a5c5-4f8d-b06e-740149b7b30d Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1253258586.972:41120): avc: denied { search } for pid=18276 comm="SetroubleshootF" name="root" dev=dm-0 ino=277 scontext=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1253258586.972:41120): arch=40000003 syscall=195 success=no exit=-2 a0=9663c48 a1=bf9fd00c a2=4b4ff4 a3=9663c48 items=0 ppid=18275 pid=18276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="SetroubleshootF" exe="/usr/bin/python" subj=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= setroubleshoot_fixit_t ============== allow setroubleshoot_fixit_t admin_home_t:dir search;