Bug 440013 - SELinux is preventing access to files with the label, file_t.
SELinux is preventing access to files with the label, file_t.
Product: Fedora
Classification: Fedora
Component: gdm (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: jmccann
Fedora Extras Quality Assurance
: SELinux
Depends On:
  Show dependency treegraph
Reported: 2008-04-01 07:31 EDT by Matěj Cepl
Modified: 2015-01-14 18:20 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-04-06 06:20:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matěj Cepl 2008-04-01 07:31:24 EDT
Description of problem:


SELinux is preventing access to files with the label, file_t.

Podrobný popis:

SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever be
labeled file_t. If you have just added a new disk drive to the system you can
relabel it using the restorecon command. Otherwise you should relabel the entire
files system.

Povolení přístupu:

You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"

Další informace:

Kontext zdroje                system_u:system_r:xdm_t:SystemLow-SystemHigh
Kontext cíle                 system_u:object_r:file_t
Objekty cíle                 ./pulse-gdm [ dir ]
Zdroj                         pulseaudio
Cesta zdroje                  /usr/bin/pulseaudio
Port                          <Neznámé>
Počítač                    viklef.ceplovi.cz
RPM balíčky zdroje          pulseaudio-0.9.10-1.fc9
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.3.1-26.fc9
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Enforcing
Název zásuvného modulu     file
Název počítače            viklef.ceplovi.cz
Platforma                     Linux viklef.ceplovi.cz
                              2.6.25-0.163.rc7.git1.fc9.i686 #1 SMP Thu Mar 27
                              09:56:04 EDT 2008 i686 i686
Počet uporoznění           2
Poprvé viděno               Út 1. duben 2008, 11:13:19 CEST
Naposledy viděno             Út 1. duben 2008, 11:13:19 CEST
Místní ID                   afb6eaf4-d2a7-46cd-bdbb-8c89403b37c0
Čísla řádků              

Původní zprávy auditu      

host=viklef.ceplovi.cz type=AVC msg=audit(1207041199.679:4348): avc:  denied  {
setattr } for  pid=12266 comm="pulseaudio" name="pulse-gdm" dev=dm-0 ino=6733044
tcontext=system_u:object_r:file_t:s0 tclass=dir

host=viklef.ceplovi.cz type=SYSCALL msg=audit(1207041199.679:4348):
arch=40000003 syscall=15 success=no exit=-13 a0=bf84c340 a1=1c0 a2=1b6cb4
a3=ffffffff items=0 ppid=12259 pid=12266 auid=4294967295 uid=42 gid=42 euid=42
suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295
comm="pulseaudio" exe="/usr/bin/pulseaudio"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):
Comment 1 Daniel Walsh 2008-04-06 06:20:29 EDT
THis was all caused by bad labeling.

Note You need to log in before you can comment on or make changes to this bug.