Bug 474771 - (staff_u) SELinux is preventing the nautilus from using potentially mislabeled files (./.X11-unix).
(staff_u) SELinux is preventing the nautilus from using potentially mislabele...
Status: CLOSED DUPLICATE of bug 477278
Product: Fedora
Classification: Fedora
Component: nautilus (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Tomáš Bžatek
Fedora Extras Quality Assurance
: SELinux
Depends On:
  Show dependency treegraph
Reported: 2008-12-05 05:54 EST by Matěj Cepl
Modified: 2018-04-11 12:19 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-12-22 04:24:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matěj Cepl 2008-12-05 05:54:31 EST

SELinux is preventing the nautilus from using potentially mislabeled files

Podrobný popis:

SELinux has denied nautilus access to potentially mislabeled file(s)
(./.X11-unix). This means that SELinux will not allow nautilus to use these
files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.

Povolení přístupu:

If you want nautilus to access this files, you need to relabel them using
restorecon -v './.X11-unix'. You might want to relabel the entire directory
using restorecon -R -v './.X11-unix'.

Další informace:

Kontext zdroje                staff_u:staff_r:staff_t:SystemLow-SystemHigh
Kontext cíle                 system_u:object_r:xdm_xserver_tmp_t
Objekty cíle                 ./.X11-unix [ dir ]
Zdroj                         nautilus
Cesta zdroje                  /usr/bin/nautilus
Port                          <Neznámé>
Počítač                    viklef
RPM balíčky zdroje          nautilus-2.24.1-3.fc10
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.5.13-26.fc10
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Enforcing
Název zásuvného modulu     home_tmp_bad_labels
Název počítače            viklef
Platforma                     Linux viklef #1 SMP Thu Nov
                              27 02:35:17 EST 2008 i686 i686
Počet upozornění           1
Poprvé viděno               Pá 5. prosinec 2008, 11:29:47 CET
Naposledy viděno             Pá 5. prosinec 2008, 11:29:47 CET
Místní ID                   71a76cff-3428-4c23-be95-13e82a8adb48
Čísla řádků              

Původní zprávy auditu      

node=viklef type=AVC msg=audit(1228472987.703:157): avc:  denied  { write } for  pid=4544 comm="nautilus" name=".X11-unix" dev=tmpfs ino=12138 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_xserver_tmp_t:s0 tclass=dir

node=viklef type=SYSCALL msg=audit(1228472987.703:157): arch=40000003 syscall=33 success=no exit=-13 a0=b0796ca0 a1=2 a2=c8b25c a3=30cf6b9 items=0 ppid=2919 pid=4544 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=2 comm="nautilus" exe="/usr/bin/nautilus" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)


just for the sake of completness:

[matej@viklef ~]$ ls -ldZ /tmp/.X11-unix/
drwxrwxrwt  root root system_u:object_r:xdm_xserver_tmp_t /tmp/.X11-unix/
[matej@viklef ~]$
Comment 1 Tomáš Bžatek 2008-12-22 04:24:47 EST

*** This bug has been marked as a duplicate of bug 477278 ***

Note You need to log in before you can comment on or make changes to this bug.