Description of problem: This is appearing 65 times in SE Troubleshooter, I tried to run the command restorecon -v /usr/share/zoneinfo/GMT lstat(/usr/share/zoneinfo/GMT)and received : failed: Input/output error SELinux denied access requested by /usr/sbin/smartd. It is not expected that this access is required by /usr/sbin/smartd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /usr/share/zoneinfo/GMT, restorecon -v /usr/share/zoneinfo/GMT If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Not to see this in SE Troubleshooter anymore. Additional info: Source Context: system_u:system_r:fsdaemon_tTarget Context: system_u:object_r:unlabeled_tTarget Objects: /usr/share/zoneinfo/GMT [ file ]Affected RPM Packages: smartmontools-5.37-3.2.fc7 [application]tzdata-2007h-1.fc7 [target]Policy RPM: selinux-policy-2.6.4-48.fc7Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: plugins.catchall_fileHost Name: timmieland.privatePlatform: Linux timmieland.private 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 23:10:59 EDT 2007 i686 athlonAlert Count: 65First Seen: Sat 13 Oct 2007 07:15:10 PM MDTLast Seen: Thu 25 Oct 2007 10:51:23 PM MDTLocal ID: 241bb63e-542c-47f9-a4d8-caa51a165315Line Numbers: Raw Audit Messages :avc: denied { getattr } for comm="smartd" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/smartd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="GMT" path="/usr/share/zoneinfo/GMT" pid=2894 scontext=system_u:system_r:fsdaemon_t:s0 sgid=0 subj=system_u:system_r:fsdaemon_t:s0 suid=0 tclass=file tcontext=system_u:object_r:unlabeled_t:s0 tty=(none) uid=0
Is this file on a different file system? Try #setenforce 0 restorecon -R -v /usr/share/zoneinfo/GMT #setenforce 1
(In reply to comment #1) > Is this file on a different file system? Not that I know of, if I run: locate /usr/share/zoneinfo/GMT /usr/share/zoneinfo/GMT /usr/share/zoneinfo/GMT+0 /usr/share/zoneinfo/GMT-0 /usr/share/zoneinfo/GMT0 > Try > #setenforce 0 > restorecon -R -v /usr/share/zoneinfo/GMT > #setenforce 1 > > > Tried it and got setenforce 0 restorecon -R -v /usr/share/zoneinfo/GMT restorecon: /usr/share/zoneinfo/GMT: Input/output error restorecon -R -v /usr/share/zoneinfo/GMT restorecon: /usr/share/zoneinfo/GMT: Input/output error setenforce 1 I also ran ./autorelabel; reboot and no change.
Any ideas?
(In reply to comment #3) > Any ideas? I've tried installing the debug package for smartmontools, maybe that will show something.
I think the problem is you have either something bad on the disk os something wrong with your system. The system is not allowing you to set the extended attributes on a file. What does chcon system_u:object_r:locale_t /usr/share/zoneinfo/GMT Get you? What does # lsattr /usr/share/zoneinfo/GMT -------------- /usr/share/zoneinfo/GMT Show?
I take it this bug has been fixed?
(In reply to comment #6) > I take it this bug has been fixed? No it hasn't been fixed. Sorry about the delay in the reply. In answer to your earlier questions: [root@timmieland ~]# chcon system_u:object_r:locale_t /usr/share/zoneinfo/GMT chcon: /usr/share/zoneinfo/GMT: No such file or directory [root@timmieland ~]# lsattr /usr/share/zoneinfo/GMT lsattr: No such file or directory while trying to stat /usr/share/zoneinfo/GMT SE trouble shooter still shows: Summary SELinux is preventing /usr/sbin/smartd (fsdaemon_t) "getattr" to /usr/share/zoneinfo/GMT (unlabeled_t). Detailed Description SELinux denied access requested by /usr/sbin/smartd. It is not expected that this access is required by /usr/sbin/smartd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /usr/share/zoneinfo/GMT, restorecon -v /usr/share/zoneinfo/GMT If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:fsdaemon_t Target Context system_u:object_r:unlabeled_t Target Objects /usr/share/zoneinfo/GMT [ file ] Affected RPM Packages smartmontools-5.37-3.2.fc7 [application]tzdata- 2007h-1.fc7 [target] Policy RPM selinux-policy-2.6.4-48.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name timmieland.private Platform Linux timmieland.private 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 23:10:59 EDT 2007 i686 athlon Alert Count 10 First Seen Sun 28 Oct 2007 09:11:42 PM MDT Last Seen Tue 30 Oct 2007 09:45:06 PM MDT Local ID 4856488f-40de-4594-9119-fdc35bac88be Line Numbers Raw Audit Messages avc: denied { getattr } for comm="smartd" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/smartd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="GMT" path="/usr/share/zoneinfo/GMT" pid=2934 scontext=system_u:system_r:fsdaemon_t:s0 sgid=0 subj=system_u:system_r:fsdaemon_t:s0 suid=0 tclass=file tcontext=system_u:object_r:unlabeled_t:s0 tty=(none) uid=0 Maybe I should file a bug against Audit or tzdata, as it appears to be an issue with those programs?
Could you try to reinstall tzdata package. Seems that something went wrong with this package.
Tried to remove it for re-installing and I received a list of dependencies a hundred miles long followed by "This transaction would cause yum to be removed. This package is vital for the basic operation of your system. If you really want to remove it, edit the list of protected packages in the file /etc/sysconfig/protected-packages or in the directory /etc/sysconfig/protected-packages.d or use the --override-protection command-line option." So short of doing a OS re-install I don't think that's going to happen .
*** This bug has been marked as a duplicate of 391281 ***