Description of problem:
I've been seeing "SELinux is preventing access to files with the label, file_t" occur quite often in the setroubleshooter browser. It's always complaining about procmail. I have performed its suggested action of relabelling the file system several times, but I still get this message. I have set selinux to "enforcing". See attached for the details of the message.

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-27.fc6

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Created attachment 146505: setroubleshooter output.
What file system are you using?

    ls -lZ /
I'm using ext3.

    drwxr-xr-x  root root system_u:object_r:bin_t          bin
    drwxr-xr-x  root root system_u:object_r:boot_t         boot
    drwxr-xr-x  root root system_u:object_r:default_t      data
    drwxr-xr-x  root root system_u:object_r:device_t       dev
    drwxr-xr-x  root root system_u:object_r:etc_t          etc
    drwxr-xr-x  root root system_u:object_r:home_root_t    home
    drwxr-xr-x  root root system_u:object_r:lib_t          lib
    drwx------  root root system_u:object_r:lost_found_t   lost+found
    drwxr-xr-x  root root system_u:object_r:mnt_t          media
    drwxr-xr-x  root root system_u:object_r:mnt_t          misc
    drwxr-xr-x  root root system_u:object_r:mnt_t          mnt
    dr-xr-xr-x  root root system_u:object_r:mnt_t          net
    drwxr-xr-x  root root system_u:object_r:usr_t          opt
    dr-xr-xr-x  root root system_u:object_r:proc_t         proc
    drwxr-xr-x  root root system_u:object_r:default_t      Recycled
    drwxr-x---  root root root:object_r:user_home_dir_t    root
    drwxr-xr-x  root root system_u:object_r:sbin_t         sbin
    drwxr-xr-x  root root system_u:object_r:security_t     selinux
    drwxr-xr-x  root root system_u:object_r:var_t          srv
    drwxr-xr-x  root root system_u:object_r:sysfs_t        sys
    drwxrwxrwt  root root system_u:object_r:tmp_t          tmp
    drwxr-xr-x  root root system_u:object_r:usr_t          usr
    drwxr-xr-x  root root system_u:object_r:var_t          var
The question is what file is labeled file_t? For some reason the kernel is reporting you have a file with no label on it, and it is not being relabeled.
Doing ls -lZR / | grep ":file_t" lists files in my home dir, although why does procmail want to look there? .procmailrc? This is actually a separate encrypted ext3 partition I mount using pam_mount. I assume that dev=dm-1 means device mapper? I guess the relabelling misses this fs. Is there a way to fire off re-labelling for this device manually?
    restorecon -R -v /home

Should clean it up.
Ok, no more file_t's. Hopefully it'll stay that way. Thanks.
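
Added example, not part of the original bug thread: the grep used above prints bare file names, so this helper resolves each file_t entry in `ls -lZR` output to its full path and lists the directories that still need restorecon. It assumes the five-column `ls -lZ` layout shown in this thread (perms, user, group, context, name); the function names and the sample listing (user alice) are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate unlabeled (file_t) entries in `ls -lZR` output.
# Assumed line layout, as shown in the thread: perms user group context name

# Print the full path of every entry whose SELinux type is file_t.
unlabeled_paths() {
    awk '
        # Directory header printed by ls -R, e.g. "/home/alice:"
        /^\/.*:$/ { dir = substr($0, 1, length($0) - 1); next }
        NF >= 5 {
            # context is user:role:type, optionally followed by an MLS level
            n = split($4, ctx, ":")
            if (n >= 3 && ctx[3] == "file_t") {
                name = $5
                for (i = 6; i <= NF; i++) name = name " " $i   # names with spaces
                prefix = (dir == "/") ? "" : dir
                print prefix "/" name
            }
        }
    '
}

# Print the unique parent directories holding unlabeled entries,
# i.e. the candidates to pass to restorecon -R -v.
unlabeled_dirs() {
    unlabeled_paths | sed 's|/[^/]*$||' | sort -u
}

# Constructed sample input (not taken from the reporter's system).
sample_listing() {
    cat <<'EOF'
/home/alice:
drwx------ alice alice system_u:object_r:file_t Mail
-rw------- alice alice user_u:object_r:user_home_t notes.txt
-rw------- alice alice system_u:object_r:file_t procmail.log

/home/alice/Mail:
-rw------- alice alice system_u:object_r:file_t:s0 inbox old
EOF
}

# Live use on a system with this ls layout:
#   ls -lZR /home | unlabeled_dirs
```

If the reported directories all sit under one mount point, as with the pam_mount home partition in this thread, that is a sign the filesystem was not mounted when the relabel ran.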