Bug 441035 - tmpwatcher complaints
Product: Fedora
Classification: Fedora
Component: selinux-policy
All Linux
low Severity low
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Reported: 2008-04-05 08:00 EDT by Need Real Name
Modified: 2008-04-08 08:22 EDT
Doc Type: Bug Fix
Last Closed: 2008-04-06 05:56:10 EDT
Description Need Real Name 2008-04-05 08:00:27 EDT
host=box type=AVC msg=audit(1207396183.24:1069): avc: denied { setattr } for
pid=19533 comm="tmpwatch" name="virtual-usr.vCdbou" dev=sda2 ino=19136723
scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0
tclass=dir host=box type=SYSCALL msg=audit(1207396183.24:1069): arch=40000003
syscall=30 success=yes exit=0 a0=804ac62 a1=bfb7a5e4 a2=0 a3=8fdf5a8 items=0
ppid=19531 pid=19533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch"
exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)
Comment 1 Daniel Walsh 2008-04-06 05:56:10 EDT
You have a mislabeled file out on /tmp.  Somehow this file got there without a
label. You should either remove the file or label it using

chcon -t tmp_t /tmp/virtual-usr*
Comment 2 Need Real Name 2008-04-06 06:17:20 EDT
Then surely the bug is that the file was not labelled?
There is also a file put there by seahorse.
Comment 3 Daniel Walsh 2008-04-06 06:49:36 EDT
Was the file put there by seahorse mislabeled?

Was this an upgraded machine from a machine that was not running SELinux?

Relabeling of a machine does not affect the contents of /tmp, so in some cases
garbage remains from when the system had SELinux turned on.  These files have to
be handled manually. We used to just delete the contents of /tmp, but this was
considered too dangerous.  You should not see newly created files with the label
of file_t.
Comment 4 Daniel Walsh 2008-04-06 06:53:03 EDT
I will give tmpreaper/tmpwatch the ability to delete these files.
Comment 5 Need Real Name 2008-04-06 08:20:51 EDT
Yes, it was from an upgrade, but don't worry about changing tmpwatch; it sounds racy.
Comment 6 Daniel Walsh 2008-04-08 08:22:24 EDT
No, it just gives the ability for tmpwatch to handle mislabeled/unlabeled files
in /tmp.
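
An added example, not part of the bug thread or of selinux-policy: a small parser that scans audit records for AVC denials whose target context has type file_t, the unlabeled-file case discussed in the comments above. The sample log is constructed (the denial from the description joined onto one line, plus two made-up records), and the function names are illustrative.

```python
import re

# Constructed sample: record 1 is the denial from this report joined onto one
# line; records 2 and 3 are made up to show what the filter skips.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1207396183.24:1069): avc: denied { setattr } for pid=19533 comm="tmpwatch" name="virtual-usr.vCdbou" dev=sda2 ino=19136723 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1207396190.10:1070): avc: denied { read } for pid=20001 comm="example" name="notes.txt" dev=sda2 ino=42 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1207396183.24:1069): arch=40000003 syscall=30 success=yes exit=0 comm="tmpwatch" exe="/usr/sbin/tmpwatch"
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNLABELED_TYPES = {"file_t"}  # the type this thread says new files should never carry
REPORT_KEYS = ("comm", "perms", "name", "dev", "ino", "tclass")


def parse_avc(line):
    """Return the fields of one AVC denial record, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields


def context_type(context):
    """Third field of user:role:type:level (the level may contain more colons)."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def unlabeled_targets(log_text):
    """List denials whose target object carries an unlabeled type."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and context_type(rec.get("tcontext", "")) in UNLABELED_TYPES:
            hits.append({k: rec.get(k) for k in REPORT_KEYS})
    return hits


if __name__ == "__main__":
    for hit in unlabeled_targets(SAMPLE_AUDIT):
        print(hit)
```

The name and ino fields of each hit identify the object to remove or relabel with chcon, as Comment 1 describes.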