Bug 537613 (file_t)
| Summary: | SELinux is preventing access to files with the label, file_t. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Gleb Sharkunov <nocountryman> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 16 | CC: | adrin.jalali, alfredo_sulb2b, brandon.gardner, cward, dan, dinosaurpicnic, dwalsh, eduard0.ec0, forthommel, fredoche, ivaka, jpopelka, lberns1, lists, maikiemajora, metayerclaire, mgrepl, milkybarsp, misek, santiago.lunar.m, satellitgo, snhemanthm, the_djmaze, tomaszgalazka2, toxn, vidaldamian |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:59ed9543ad3737114fd445345be803a4cfb2f43b10b1bde8d8e479a8d45f2373 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-11-16 15:26:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Either your entire system is badly mislabeled in which case you need to do as the setroubleshoot suggest or you have attached a home dir from a machine without SELinux support and you need to put labels on it. restorecon -R -v /home Should fix. Either way you need to fix the labels. *** Bug 537614 has been marked as a duplicate of this bug. *** *** This bug has been marked as a duplicate of bug 530925 *** *** Bug 538012 has been marked as a duplicate of this bug. *** *** Bug 538796 has been marked as a duplicate of this bug. *** *** Bug 539306 has been marked as a duplicate of this bug. *** *** Bug 539550 has been marked as a duplicate of this bug. *** *** Bug 539552 has been marked as a duplicate of this bug. *** *** Bug 539587 has been marked as a duplicate of this bug. *** *** Bug 540562 has been marked as a duplicate of this bug. *** *** Bug 540976 has been marked as a duplicate of this bug. *** *** Bug 540989 has been marked as a duplicate of this bug. *** *** Bug 540977 has been marked as a duplicate of this bug. *** *** Bug 543464 has been marked as a duplicate of this bug. *** *** Bug 543466 has been marked as a duplicate of this bug. *** *** Bug 544178 has been marked as a duplicate of this bug. *** *** Bug 544541 has been marked as a duplicate of this bug. *** *** Bug 544492 has been marked as a duplicate of this bug. *** *** Bug 544324 has been marked as a duplicate of this bug. *** *** Bug 544578 has been marked as a duplicate of this bug. *** *** Bug 544712 has been marked as a duplicate of this bug. *** *** Bug 544797 has been marked as a duplicate of this bug. *** *** Bug 544798 has been marked as a duplicate of this bug. *** *** Bug 544800 has been marked as a duplicate of this bug. *** *** Bug 544999 has been marked as a duplicate of this bug. *** *** Bug 544903 has been marked as a duplicate of this bug. *** *** Bug 544998 has been marked as a duplicate of this bug. *** *** Bug 545483 has been marked as a duplicate of this bug. *** *** Bug 545484 has been marked as a duplicate of this bug. *** *** Bug 545485 has been marked as a duplicate of this bug. *** *** Bug 545487 has been marked as a duplicate of this bug. *** *** Bug 545654 has been marked as a duplicate of this bug. *** *** Bug 545749 has been marked as a duplicate of this bug. *** *** Bug 548748 has been marked as a duplicate of this bug. *** *** Bug 548749 has been marked as a duplicate of this bug. *** well actually this happens when im trying the LFS (linux from scratch). the very steps describing the new partition creation on the free space makes this message to popup. i started off with lfs to try to understand how the whole thingy works but thanx to selinux it make all even more confusing :D SELinux just wants you to put labels on this disk. A simple restorecon would do it. SELinux does not like unlabelled disks, since it has no idea what kind of data resides on it. If this is a guide that tells you how to install it should mention SELinux. Ok, I guess LFS is a book... *** Bug 548823 has been marked as a duplicate of this bug. *** sorry for delays ;) yeah LFS is a book. www.linuxfromscratch.org however its not its fault as it is. the book assumes that you already know something about linux.. which i snot exactly my case as im just learning :) but anyways. thatx for reply.. im currently reading more about selinux and other stuff so atleast i can make sense when reporting a bug :) *** Bug 549094 has been marked as a duplicate of this bug. *** *** Bug 549340 has been marked as a duplicate of this bug. *** *** Bug 553597 has been marked as a duplicate of this bug. *** *** Bug 558823 has been marked as a duplicate of this bug. *** *** Bug 563239 has been marked as a duplicate of this bug. *** *** Bug 573491 has been marked as a duplicate of this bug. *** *** Bug 581014 has been marked as a duplicate of this bug. *** *** Bug 641153 has been marked as a duplicate of this bug. *** *** Bug 648588 has been marked as a duplicate of this bug. *** *** Bug 648588 has been marked as a duplicate of this bug. *** *** Bug 699671 has been marked as a duplicate of this bug. *** *** Bug 790574 has been marked as a duplicate of this bug. *** *** Bug 790575 has been marked as a duplicate of this bug. *** *** Bug 790576 has been marked as a duplicate of this bug. *** (In reply to comment #1) > Either your entire system is badly mislabeled in which case you need to do as > the setroubleshoot suggest or you have attached a home dir from a machine > without SELinux support and you need to put labels on it. > > restorecon -R -v /home > > Should fix. > > Either way you need to fix the labels. Thank you *** Bug 798744 has been marked as a duplicate of this bug. *** |
Summary: SELinux is preventing access to files with the label, file_t. Detailed Description: SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire file system. Allowing Access: You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot" Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:file_t:s0 Target Objects .dmrc [ file ] Source kdm Source Path /usr/bin/kdm Port <Unknown> Host (removed) Source RPM Packages kdm-4.3.2-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-41.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name file Host Name (removed) Platform Linux (removed) 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686 athlon Alert Count 2 First Seen Sun 15 Nov 2009 04:14:16 AM EET Last Seen Sun 15 Nov 2009 04:14:22 AM EET Local ID 55ff6fdf-3228-49f3-813f-aff1394cec5c Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1258251262.363:27874): avc: denied { read } for pid=1505 comm="kdm" name=".dmrc" dev=sda2 ino=119 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1258251262.363:27874): arch=40000003 syscall=5 success=no exit=-13 a0=8065dbb a1=8800 a2=0 a3=1 items=0 ppid=1475 pid=1505 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="kdm" exe="/usr/bin/kdm" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-41.fc12,file,kdm,xdm_t,file_t,file,read audit2allow suggests: #============= xdm_t ============== allow xdm_t file_t:file read;