Bug 524160 - setroubleshoot: SELinux is preventing the SetroubleshootF from using potentially mislabeled files (root).
Summary: setroubleshoot: SELinux is preventing the SetroubleshootF from using pot...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:0614716d49b...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-18 07:35 UTC by hectorconhache
Modified: 2009-09-18 11:49 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-18 11:49:47 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description hectorconhache 2009-09-18 07:35:00 UTC 
The following was filed automatically by setroubleshoot:

Summary:

SELinux is preventing the SetroubleshootF from using potentially mislabeled
files (root).

Detailed Description:

SELinux has denied SetroubleshootF access to potentially mislabeled file(s)
(root). This means that SELinux will not allow SetroubleshootF to use these
files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.

Allowing Access:

If you want SetroubleshootF to access this files, you need to relabel them using
restorecon -v 'root'. You might want to relabel the entire directory using
restorecon -R -v 'root'.

Additional Information:

Source Context                system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.
                              c1023
Target Context                system_u:object_r:admin_home_t:s0
Target Objects                root [ dir ]
Source                        SetroubleshootF
Source Path                   /usr/bin/python
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           python-2.6.2-1.fc12
Target RPM Packages           filesystem-2.4.27-1.fc12
Policy RPM                    selinux-policy-3.6.26-8.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.31-0.125.4.2.rc5.git2.fc12.i686 #1 SMP Tue Aug
                              11 21:20:05 EDT 2009 i686 i686
Alert Count                   1
First Seen                    Fri 18 Sep 2009 02:23:06 AM CDT
Last Seen                     Fri 18 Sep 2009 02:23:06 AM CDT
Local ID                      a55a4801-a5c5-4f8d-b06e-740149b7b30d
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1253258586.972:41120): avc:  denied  { search } for  pid=18276 comm="SetroubleshootF" name="root" dev=dm-0 ino=277 scontext=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1253258586.972:41120): arch=40000003 syscall=195 success=no exit=-2 a0=9663c48 a1=bf9fd00c a2=4b4ff4 a3=9663c48 items=0 ppid=18275 pid=18276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="SetroubleshootF" exe="/usr/bin/python" subj=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= setroubleshoot_fixit_t ==============
allow setroubleshoot_fixit_t admin_home_t:dir search;
Comment 1 hectorconhache 2009-09-18 07:36:03 UTC 
I was only update the system with yum update
Comment 2 Daniel Walsh 2009-09-18 11:49:47 UTC 
Please yum update to the latest policy which has a fix for this.
Note You need to log in before you can comment on or make changes to this bug.