Description of problem:

Summary:
    SELinux is preventing the tmpwatch(/usr/sbin/tmpwatch) from using potentially mislabeled files (/tmp/xinetd.diff).

Detailed Description:
    [SELinux in permissive mode, the operation would have been denied but was permitted due to enforcing mode.]
    SELinux has denied tmpwatch(/usr/sbin/tmpwatch) access to potentially mislabeled file(s) (/tmp/xinetd.diff). This means that SELinux will not allow tmpwatch(/usr/sbin/tmpwatch) to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access.

Allowing Access:
    If you want tmpwatch(/usr/sbin/tmpwatch) to access this files, you need to relabel them using restorecon -v /tmp/xinetd.diff. You might want to relabel the entire directory using restorecon -R -v /tmp.

Additional Information:

Source Context                system_u:system_r:tmpreaper_t:SystemLow-SystemHigh
Target Context                root:object_r:user_home_t
Target Objects                /tmp/xinetd.diff [ file ]
Source                        tmpwatch(/usr/sbin/tmpwatch)
Port                          <Unknown>
Host                          hubmaier.ceplovi.cz
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.2.5-20.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   home_tmp_bad_labels
Host Name                     hubmaier.ceplovi.cz
Platform                      Linux hubmaier.ceplovi.cz 2.6.24-9.fc9 #1 SMP Tue Jan 29 17:45:59 EST 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Pá 1. únor 2008, 05:03:33 CET
Last Seen                     Pá 1. únor 2008, 05:03:33 CET
Local ID                      3df97932-1d62-4e13-883a-8abd1d9a749e
Line Numbers

Raw Audit Messages

host=hubmaier.ceplovi.cz type=AVC msg=audit(1201838613.581:420): avc: denied { getattr } for pid=12960 comm="tmpwatch" path="/tmp/xinetd.diff" dev=dm-1 ino=3601034 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=root:object_r:user_home_t:s0 tclass=file

host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1201838613.581:420): arch=c000003e syscall=6 success=yes exit=0 a0=604353 a1=7fff71f49980 a2=7fff71f49980 a3=393292b542 items=0 ppid=12958 pid=12960 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):
tmpwatch-2.9.12-2.x86_64
selinux-policy-targeted-3.2.5-20.fc9.noarch

How reproducible:
100%

Steps to Reproduce:
1. copy a file from somewhere into /tmp
2.
3.

Actual results:
tmpwatch fails to remove files when the time is right for removal

Expected results:
whatever falls into /tmp should be deemed dead with actual death postponed a little bit ;-)

Additional info:
Dan, how much is the attached patch totally loonie from the SELinux point of view?
Created attachment 293717: Proposed fix
Two things. First, this will work, since /tmp/XYZ is labeled <<none>>, which tells restorecon to do nothing. You can test this out by running your example above. Secondly, if this did work, it would not work for the people who worry about security, since it would open a channel for downgrading data. I could take a top secret document, put it in /tmp and remove the top secret classification. Finally, certain files in /tmp have labels that we want to maintain, for example Kerberos host cache files.

I think a better fix would be to allow tmpreaper to read/delete user home directory files, since I have been telling people that /tmp is for use by normal users; it would not be surprising for a normal user to mv files from his home dir to /tmp.
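An added example, not code from this bug, from tmpwatch or from the Fedora policy, that ties the two halves of the report together: it parses the raw AVC record quoted above into its fields, flags the home_tmp_bad_labels situation the alert described (a home-directory type such as user_home_t on a path under /tmp) together with the per-file restorecon remedy, and collapses denials into TE allow rules of the kind the preferred fix needs (tmpreaper_t reading and deleting user_home_t content). The sample line is the page's own AVC record with the host= prefix and the SYSCALL record dropped; the HOME_TYPES entries other than user_home_t, the function names and the module name are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the AVC record from the bug report, as one audit.log line
# (host= prefix and the companion SYSCALL record dropped).
SAMPLE_AVC = (
    'type=AVC msg=audit(1201838613.581:420): avc: denied { getattr } for pid=12960 '
    'comm="tmpwatch" path="/tmp/xinetd.diff" dev=dm-1 ino=3601034 '
    'scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 '
    'tcontext=root:object_r:user_home_t:s0 tclass=file'
)

# Types that belong under a home directory. user_home_t is the one on the page;
# the other two are common home-content types on a targeted policy (assumption).
HOME_TYPES = {"user_home_t", "user_home_dir_t", "home_root_t"}
TMP_DIRS = ("/tmp/", "/var/tmp/")


@dataclass(frozen=True)
class AvcDenial:
    perms: frozenset
    comm: str
    path: str
    stype: str    # source domain type, e.g. tmpreaper_t
    ttype: str    # target object type, e.g. user_home_t
    tclass: str   # object class: file, dir, lnk_file, ...


_AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _type_of(context):
    # user:role:type[:range] -> type
    return context.split(":")[2]


def parse_avc(line):
    """Parse one audit record; return an AvcDenial, or None if it is not an AVC denial."""
    m = _AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in _FIELD_RE.findall(m.group("fields"))}
    return AvcDenial(
        perms=frozenset(m.group("perms").split()),
        comm=fields.get("comm", ""),
        path=fields.get("path", fields.get("name", "")),
        stype=_type_of(fields["scontext"]),
        ttype=_type_of(fields["tcontext"]),
        tclass=fields["tclass"],
    )


def is_mislabeled_tmp_file(d):
    """True when a home-labeled object sits under a tmp directory (the situation in this bug)."""
    return d.path.startswith(TMP_DIRS) and d.ttype in HOME_TYPES


def relabel_hint(d):
    """The per-file remedy setroubleshoot suggested; None when the pattern does not apply."""
    return f"restorecon -v {d.path}" if is_mislabeled_tmp_file(d) else None


def allow_rules(denials):
    """Collapse denials into one TE allow rule per (source, target, class), audit2allow-style."""
    perms = defaultdict(set)
    for d in denials:
        perms[(d.stype, d.ttype, d.tclass)] |= d.perms
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(perms.items())]


def build_module(name, denials):
    """Render loadable policy module source (.te) for the rules, with its require block."""
    types = sorted({t for d in denials for t in (d.stype, d.ttype)})
    classes = defaultdict(set)
    for d in denials:
        classes[d.tclass] |= d.perms
    req = [f"    type {t};" for t in types] + [
        f"    class {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    return "\n".join([f"module {name} 1.0;", "", "require {", *req, "}", "",
                      *allow_rules(denials), ""])


if __name__ == "__main__":
    d = parse_avc(SAMPLE_AVC)
    print(relabel_hint(d))
    print(build_module("tmpreaper_userhome", [d]))
```

With tmpwatch run in permissive mode, as the reporter did, every AVC line from ausearch -m avc can be fed through parse_avc, so the module ends up carrying the full read/delete set (getattr, read, unlink on the files and remove_name on the directory) rather than the single getattr seen here. The .te output compiles with checkmodule -M -m, is packaged with semodule_package and loaded with semodule -i. It is a local allow rule on tmpreaper_t, which is the direction the comment above prefers over relabeling /tmp: relabeling would strip a more sensitive label off data that had been moved there.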
Fixed in selinux-policy-3.2.5-25.fc9