Bug 239722 - SELinux is preventing /usr/bin/updatedb (locate_t) "search" to / (dosfs_t
SELinux is preventing /usr/bin/updatedb (locate_t) "search" to / (dosfs_t
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-10 15:06 EDT by M. A. MacLain
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-12 13:00:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description M. A. MacLain 2007-05-10 15:06:27 EDT
Description of problem:
SummarySELinux is preventing /usr/bin/updatedb (locate_t) "search" to /
(dosfs_t).Detailed DescriptionSELinux denied access requested by
/usr/bin/updatedb. It is not expected that this access is required by
/usr/bin/updatedb and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.Allowing AccessSometimes labeling
problems can cause SELinux denials. You could try to restore the default system
file context for /, restorecon -v / If this does not work, there is currently no
automatic way to allow this access. Instead, you can generate a local policy
module to allow this access - see FAQ Or you can disable SELinux protection
altogether. Disabling SELinux protection is not recommended. Please file a bug
report against this package.Additional InformationSource
Context:  system_u:system_r:locate_tTarget
Context:  system_u:object_r:dosfs_tTarget Objects:  / [ dir ]Affected RPM
Packages:  mlocate-0.16-1 [application]filesystem-2.4.6-1.fc7 [target]Policy
RPM:  selinux-policy-2.6.1-1.fc7Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.catchall_fileHost
Name:  dhcppc0Platform:  Linux dhcppc0 2.6.21-1.3116.fc7 #1 SMP Thu Apr 26
10:36:44 EDT 2007 i686 i686Alert Count:  0First Seen:  Thu 10 May 2007 01:08:21
PM EDTLast Seen:  Thu 10 May 2007 01:08:21 PM EDTLocal
ID:  fd4e5874-ce95-4416-9ae4-03083d5be3ccLine Numbers:  Raw Audit Messages :avc:
denied { search } for comm="updatedb" dev=sda6 egid=0 euid=0
exe="/usr/bin/updatedb" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=4420
scontext=system_u:system_r:locate_t:s0 sgid=0 subj=system_u:system_r:locate_t:s0
suid=0 tclass=dir tcontext=system_u:object_r:dosfs_t:s0 tty=(none) uid=0 


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2007-05-14 14:10:22 EDT
Fixed in selinux-policy-2.6.4-1.fc7
Comment 2 Daniel Walsh 2007-09-12 13:00:45 EDT
ALready fixed in rawhide

Note You need to log in before you can comment on or make changes to this bug.