Bug 361161 - can't restorecon
Summary: can't restorecon
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2007-11-01 01:31 UTC by Bill Nottingham
Modified: 2014-03-17 03:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-06 16:42:51 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Bill Nottingham 2007-11-01 01:31:31 UTC
Description of problem:

    SELinux is preventing the restorecon from using potentially mislabeled files

Detailed Description
    SELinux has denied restorecon access to potentially mislabeled file(s)
    (<Unknown>).  This means that SELinux will not allow restorecon to use these
    files.  It is common for users to edit files in their home directory or tmp
    directories and then move (mv) them to system directories.  The problem is
    that the files end up with the wrong file context which confined
    applications are not allowed to access.

Allowing Access
    If you want restorecon to access this files, you need to relabel them using
    restorecon -v <Unknown>.  You might want to relabel the entire directory
    using restorecon -R -v <Unknown>.

Additional Information        

Source Context                system_u:system_r:setfiles_t:s0
Target Context                root:object_r:sysadm_home_t:s0
Target Objects                None [ chr_file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.0.8-42.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.home_tmp_bad_labels
Host Name                     nostromo.devel.redhat.com
Platform                      Linux nostromo.devel.redhat.com
                     #1 SMP Mon Oct 29 12:41:10
                              EDT 2007 x86_64 x86_64
Alert Count                   25
First Seen                    Wed 24 Oct 2007 12:02:58 AM EDT
Last Seen                     Wed 31 Oct 2007 09:23:27 PM EDT
Local ID                      de6e7df7-7eaf-4e50-b8e4-360c91b5d132
Line Numbers                  

Raw Audit Messages            

avc: denied { relabelto } for comm=restorecon dev=sda2 name=tty7 pid=6352
scontext=system_u:system_r:setfiles_t:s0 tclass=chr_file

Version-Release number of selected component (if applicable):


Comment 1 Daniel Walsh 2007-11-05 20:44:23 UTC
You have a chr_file in your /root directory and the system will not allow you to
relabel it.  Why do you have a chr_file there?

Comment 2 Bill Nottingham 2007-11-06 00:38:20 UTC
IIRC, it came out of a tar file, was investigating something unrelated.

Comment 3 Daniel Walsh 2007-11-06 16:42:51 UTC
So remove it and it is done.

Note You need to log in before you can comment on or make changes to this bug.