Red Hat Bugzilla – Bug 433239
wicd conflitt
Last modified: 2011-11-14 13:53:11 EST
Sommario SELinux ha impedito l'accesso a /var/log/wicd.log da parte di /sbin/setfiles "write". Descrizione dettagliata SELinux is preventing /sbin/setfiles (setfiles_t) "write" to /var/log/wicd.log (var_log_t). The SELinux type var_log_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (/var/log/wicd.log) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v /var/log/wicd.log. If the file context does not change from var_log_t, then this is probably a bug in policy. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy package. If it does change, you can try your application again to see if it works. The file context could have been mislabeled by editing the file or moving the file from a different directory, if the file keeps getting mislabeled, check the init scripts to see if they are doing something to mislabel the file. Abilitazione accesso in corso Potete cercare di correggere il contesto del file, eseguendo restorecon -v /var/log/wicd.log Il seguente comando abiliterà questo tipo d'accesso: restorecon /var/log/wicd.log Informazioni aggiuntive Contesto della sorgente system_u:system_r:setfiles_t:s0 Contesto target system_u:object_r:var_log_t:s0 Oggetti target /var/log/wicd.log [ file ] Pacchetti RPM interessati policycoreutils-2.0.33-3.fc8 [application] RPM della policy selinux-policy-3.0.8-84.fc8 Selinux abilitato True Tipo di policy targeted MLS abilitato True Modalità Enforcing Permissive Nome plugin plugins.mislabeled_file Host Name localhost.localdomain Piattaforma Linux localhost.localdomain 2.6.23.15-137.fc8 #1 SMP Sun Feb 10 17:48:34 EST 2008 i686 i686 Conteggio allerte 1 First Seen dom 17 feb 2008 23:44:26 CET Last Seen dom 17 feb 2008 23:44:26 CET Local ID f93cb4d3-c57b-4b3d-acf1-4e9b7d615fba Numeri di linea Messaggi Raw Audit avc: denied { write } for comm=restorecon dev=dm-0 egid=0 euid=0 exe=/sbin/setfiles exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/var/log/wicd.log pid=22454 scontext=system_u:system_r:setfiles_t:s0 sgid=0 subj=system_u:system_r:setfiles_t:s0 suid=0 tclass=file tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0
Created attachment 295117 [details] se bug file
This looks like a leaked file descriptor. I am not sure what is writing to /var/log/wicd.log but it needs to CLOSEXEC the open file descriptor. This can be ignored but wicd should be told to close their file descriptors before exec fcnt(fd, F_SETFD, FD_CLOSEXEC)