| Summary: | SELinux is preventing /sbin/setfiles from read, append access on the file /tmp/tmpWX1ItE. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | mand0s |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 13 | CC: | bugs2rl, dwalsh, mgrepl |
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:11e0b2adbf930806779856fd7c4ec93cbaf8d1c3b44e7bba7b64efafd3d1ee8d | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Last Closed: | 2011-02-27 22:44:11 UTC | Type: | --- |

*** This bug has been marked as a duplicate of bug 680681 ***

SELinux is preventing /sbin/setfiles from read, append access on the file /tmp/tmpWX1ItE.

***** Plugin catchall (50.5 confidence) suggests ***************************

If setfiles should have read append access to the tmpWX1ItE file by default.
Then please report this as a bug. You can create a local policy module to allow this access.
Do
this access can be temporarily allowed by running the commands:

    # grep restorecon /var/log/audit/audit.log | audit2allow -M moja_polityka
    # semodule -i moja_polityka.pp

***** Plugin leaks (50.5 confidence) suggests ******************************

If the attempt by setfiles to get read append access to the tmpWX1ItE file should be ignored, because it should not need this access.
Then this should be reported as a bug. You can create a local policy module to deny this access.
Do

    # grep /sbin/setfiles /var/log/audit/audit.log | audit2allow -D -M moja_polityka
    # semodule -i moja_polityka.pp

Additional Information:

    Source Context                system_u:system_r:setfiles_t:s0-s0:c0.c1023
    Target Context                system_u:object_r:initrc_tmp_t:s0
    Target Objects                /tmp/tmpWX1ItE [ file ]
    Source                        restorecon
    Source Path                   /sbin/setfiles
    Port                          <Nieznane>
    Host                          (removed)
    Source RPM Packages           policycoreutils-2.0.83-33.1.fc13
    Target RPM Packages
    Policy RPM                    selinux-policy-3.7.19-76.fc13
    Selinux Enabled               True
    Policy Type                   targeted
    Enforcing Mode                Enforcing
    Host Name                     (removed)
    Platform                      Linux (removed) 2.6.34.7-66.fc13.i686.PAE #1 SMP Wed Dec 15 07:21:49 UTC 2010 i686 i686
    Alert Count                   2
    First Seen                    nie, 27 lut 2011, 00:05:53
    Last Seen                     nie, 27 lut 2011, 00:05:53
    Local ID                      3c0c260d-2e5e-4b3d-bd4e-3bf68e545567

Raw Audit Messages

    type=AVC msg=audit(1298761553.907:85): avc: denied { read append } for pid=11820 comm="restorecon" path="/tmp/tmpWX1ItE" dev=sda4 ino=1105993 scontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file

    type=SYSCALL msg=audit(1298761553.907:85): arch=i386 syscall=execve success=yes exit=0 a0=8198cc0 a1=81956e0 a2=8195468 a3=81956e0 items=0 ppid=11735 pid=11820 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=restorecon exe=/sbin/setfiles subj=system_u:system_r:setfiles_t:s0-s0:c0.c1023 key=(null)

Hash: restorecon,setfiles_t,initrc_tmp_t,file,read,append

audit2allow

    #============= setfiles_t ==============
    allow setfiles_t initrc_tmp_t:file { read append };

audit2allow -R

    #============= setfiles_t ==============
    allow setfiles_t initrc_tmp_t:file { read append };