Bug 440013 – SELinux is preventing access to files with the label, file_t.

Bug 440013 - SELinux is preventing access to files with the label, file_t.

Summary:	SELinux is preventing access to files with the label, file_t.

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	gdm (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	jmccann
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:	SELinux

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2008-04-01 07:31 EDT by Matěj Cepl
Modified:	2015-01-14 18:20 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-04-06 06:20:29 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Matěj Cepl 2008-04-01 07:31:24 EDT

Description of problem:

Souhrn:

SELinux is preventing access to files with the label, file_t.

Podrobný popis:

SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever be
labeled file_t. If you have just added a new disk drive to the system you can
relabel it using the restorecon command. Otherwise you should relabel the entire
files system.

Povolení přístupu:

You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"

Další informace:

Kontext zdroje                system_u:system_r:xdm_t:SystemLow-SystemHigh
Kontext cíle                 system_u:object_r:file_t
Objekty cíle                 ./pulse-gdm [ dir ]
Zdroj                         pulseaudio
Cesta zdroje                  /usr/bin/pulseaudio
Port                          <Neznámé>
Počítač                    viklef.ceplovi.cz
RPM balíčky zdroje          pulseaudio-0.9.10-1.fc9
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.3.1-26.fc9
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Enforcing
Název zásuvného modulu     file
Název počítače            viklef.ceplovi.cz
Platforma                     Linux viklef.ceplovi.cz
                              2.6.25-0.163.rc7.git1.fc9.i686 #1 SMP Thu Mar 27
                              09:56:04 EDT 2008 i686 i686
Počet uporoznění           2
Poprvé viděno               Út 1. duben 2008, 11:13:19 CEST
Naposledy viděno             Út 1. duben 2008, 11:13:19 CEST
Místní ID                   afb6eaf4-d2a7-46cd-bdbb-8c89403b37c0
Čísla řádků              

Původní zprávy auditu      

host=viklef.ceplovi.cz type=AVC msg=audit(1207041199.679:4348): avc:  denied  {
setattr } for  pid=12266 comm="pulseaudio" name="pulse-gdm" dev=dm-0 ino=6733044
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir

host=viklef.ceplovi.cz type=SYSCALL msg=audit(1207041199.679:4348):
arch=40000003 syscall=15 success=no exit=-13 a0=bf84c340 a1=1c0 a2=1b6cb4
a3=ffffffff items=0 ppid=12259 pid=12266 auid=4294967295 uid=42 gid=42 euid=42
suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295
comm="pulseaudio" exe="/usr/bin/pulseaudio"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):
gdm-2.21.10-0.2008.03.26.3.fc9.i386
pulseaudio-0.9.10-1.fc9.i386
selinux-policy-targeted-3.3.1-26.fc9.noarch

Comment 1 Daniel Walsh 2008-04-06 06:20:29 EDT

THis was all caused by bad labeling.

Note You need to log in before you can comment on or make changes to this bug.