Bug 440013 - SELinux is preventing access to files with the label, file_t.
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: gdm
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: jmccann
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-04-01 11:31 UTC by Matěj Cepl
Modified: 2018-04-11 18:08 UTC
Last Closed: 2008-04-06 10:20:29 UTC

Description Matěj Cepl 2008-04-01 11:31:24 UTC
Description of problem:

Souhrn:

SELinux is preventing access to files with the label, file_t.

Podrobný popis:

SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever be
labeled file_t. If you have just added a new disk drive to the system you can
relabel it using the restorecon command. Otherwise you should relabel the entire
files system.

Povolení přístupu:

You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"

Další informace:

Kontext zdroje                system_u:system_r:xdm_t:SystemLow-SystemHigh
Kontext cíle                 system_u:object_r:file_t
Objekty cíle                 ./pulse-gdm [ dir ]
Zdroj                         pulseaudio
Cesta zdroje                  /usr/bin/pulseaudio
Port                          <Neznámé>
Počítač                    viklef.ceplovi.cz
RPM balíčky zdroje          pulseaudio-0.9.10-1.fc9
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.3.1-26.fc9
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Enforcing
Název zásuvného modulu     file
Název počítače            viklef.ceplovi.cz
Platforma                     Linux viklef.ceplovi.cz
                              2.6.25-0.163.rc7.git1.fc9.i686 #1 SMP Thu Mar 27
                              09:56:04 EDT 2008 i686 i686
Počet uporoznění           2
Poprvé viděno               Út 1. duben 2008, 11:13:19 CEST
Naposledy viděno             Út 1. duben 2008, 11:13:19 CEST
Místní ID                   afb6eaf4-d2a7-46cd-bdbb-8c89403b37c0
Čísla řádků              

Původní zprávy auditu      

host=viklef.ceplovi.cz type=AVC msg=audit(1207041199.679:4348): avc:  denied  {
setattr } for  pid=12266 comm="pulseaudio" name="pulse-gdm" dev=dm-0 ino=6733044
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir

host=viklef.ceplovi.cz type=SYSCALL msg=audit(1207041199.679:4348):
arch=40000003 syscall=15 success=no exit=-13 a0=bf84c340 a1=1c0 a2=1b6cb4
a3=ffffffff items=0 ppid=12259 pid=12266 auid=4294967295 uid=42 gid=42 euid=42
suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295
comm="pulseaudio" exe="/usr/bin/pulseaudio"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):
gdm-2.21.10-0.2008.03.26.3.fc9.i386
pulseaudio-0.9.10-1.fc9.i386
selinux-policy-targeted-3.3.1-26.fc9.noarch

Comment 1 Daniel Walsh 2008-04-06 10:20:29 UTC
This was all caused by bad labeling.
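
Added example (not part of the original bug report, and not setroubleshoot's own code): a small triage script that parses `avc: denied` audit records and separates denials whose target is unlabeled (`file_t`) from ordinary policy denials, since only the former are fixed by relabeling. The function names are hypothetical; the first sample record is the one from this report re-joined onto one line, and the second is constructed.

```python
import re

# Types that mean "no usable label". file_t is the one in this report;
# unlabeled_t is included as an assumption about other policy versions.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Parse one 'avc: denied' record into a dict; return None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # Context is user:role:type[:level]; the level may itself contain ':'.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":", 3)
        rec[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def unlabeled_denials(lines):
    """Return the parsed denials whose target object carries no real label."""
    parsed = (parse_avc(line) for line in lines)
    return [r for r in parsed if r and r["tcontext_type"] in UNLABELED_TYPES]

SAMPLE_LOG = [
    # Record from this report, re-joined onto one line.
    'host=viklef.ceplovi.cz type=AVC msg=audit(1207041199.679:4348): avc:  denied  '
    '{ setattr } for  pid=12266 comm="pulseaudio" name="pulse-gdm" dev=dm-0 '
    'ino=6733044 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:file_t:s0 tclass=dir',
    # Constructed record: labeled target, so a policy question, not a labeling one.
    'type=AVC msg=audit(1207041200.001:4349): avc:  denied  { read } for  pid=12300 '
    'comm="httpd" name="index.html" dev=dm-0 ino=1234 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:user_home_t:s0 tclass=file',
    # Shortened SYSCALL line from this report; not an AVC record, so it is ignored.
    'type=SYSCALL msg=audit(1207041199.679:4348): arch=40000003 syscall=15 success=no',
]

if __name__ == "__main__":
    for r in unlabeled_denials(SAMPLE_LOG):
        print(f'{r["comm"]} ({r["scontext_type"]}) denied {" ".join(r["perms"])} on '
              f'{r["tclass"]} name={r["name"]} dev={r["dev"]} ino={r["ino"]}: '
              f'target is {r["tcontext_type"]}, fix labels (restorecon or /.autorelabel)')
```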