Bug 588390
Summary: | SELinux is preventing /bin/cp "relabelfrom" access on /var/lib/misc/prelink.quick. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | chrys87 |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 13 | CC: | crn1, dwalsh, haanjdj, mgrepl, ulrich.hobelmann, ultima.ratio.regum69, walovaton |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:0286770154e8778a5f148454a354f56b703a4c23fba50e25c354544895612688 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-10-01 06:09:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
chrys87
2010-05-03 16:01:21 UTC
yum update This error still shows in my F13 install. Please attach the AVC information. ausearch -m avc -ts recent Summary: SELinux is preventing /bin/cp "relabelfrom" access on /var/lib/prelink/quick. Detailed Description: SELinux denied access requested by cp. It is not expected that this access is required by cp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:prelink_cron_system_t:s0-s0:c0.c 1023 Target Context unconfined_u:object_r:prelink_var_lib_t:s0 Target Objects /var/lib/prelink/quick [ file ] Source cp Source Path /bin/cp Port <Unknown> Host bogomip.badmuts.org Source RPM Packages coreutils-8.4-8.fc13 Target RPM Packages prelink-0.4.3-3.fc13 Policy RPM selinux-policy-3.7.19-47.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name bogomip.badmuts.org Platform Linux bogomip.badmuts.org 2.6.33.6-147.2.4.fc13.x86_64 #1 SMP Fri Jul 23 17:14:44 UTC 2010 x86_64 x86_64 Alert Count 2 First Seen Wed 18 Aug 2010 03:07:54 PM CEST Last Seen Wed 18 Aug 2010 03:07:54 PM CEST Local ID 7727bf05-ffa3-4ceb-8c36-b619222b6701 Line Numbers Raw Audit Messages node=bogomip.badmuts.org type=AVC msg=audit(1282136874.53:25194): avc: denied { relabelfrom } for pid=9986 comm="cp" name="quick" dev=dm-0 ino=253311 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:prelink_var_lib_t:s0 tclass=file node=bogomip.badmuts.org type=SYSCALL msg=audit(1282136874.53:25194): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff6ef6a580 a2=17b5930 a3=2b items=0 ppid=9979 pid=9986 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="cp" exe="/bin/cp" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null) ausearch -m avc -ts recent outputs <no matches> This is fixed in the latest F13 policy. |