Bug 548823 - SELinux is preventing access to files with the label, file_t.
Summary: SELinux is preventing access to files with the label, file_t.
Keywords:
Status: CLOSED DUPLICATE of bug 537613
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:868f0a26caf...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-12-18 18:08 UTC by Buzugenn
Modified: 2010-01-22 19:33 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-12-18 20:49:59 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Buzugenn 2009-12-18 18:08:51 UTC 
Résumé:

SELinux is preventing access to files with the label, file_t.

Description détaillée:

[Default a un type permissif (xdm_t). Cet accès n'a pas été refusé.]

SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever be
labeled file_t. If you have just added a disk drive to the system you can
relabel it using the restorecon command. For example if you saved the home
directory from a previous installation that did not use SELinux, 'restorecon -R
-v /home' will fix the labels. Otherwise you should relabel the entire file
system.

Autoriser l'accès:

You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"

Informations complémentaires:

Contexte source               system_u:system_r:xdm_t:s0-s0:c0.c1023
Contexte cible                system_u:object_r:file_t:s0
Objets du contexte            /home/loreley [ dir ]
source                        Default
Chemin de la source           /bin/bash
Port                          <Inconnu>
Hôte                         (removed)
Paquetages RPM source         bash-4.0.35-2.fc12
Paquetages RPM cible          
Politique RPM                 selinux-policy-3.6.32-56.fc12
Selinux activé               True
Type de politique             targeted
Mode strict                   Enforcing
Nom du plugin                 file
Nom de l'hôte                (removed)
Plateforme                    Linux (removed) 2.6.31.6-166.fc12.x86_64 #1 SMP Wed
                              Dec 9 10:46:22 EST 2009 x86_64 x86_64
Compteur d'alertes            54
Première alerte              dim. 29 nov. 2009 02:14:44 CET
Dernière alerte              ven. 18 déc. 2009 19:07:56 CET
ID local                      67f01e0b-4201-484d-b067-ec3f63478ce9
Numéros des lignes           

Messages d'audit bruts        

node=(removed) type=AVC msg=audit(1261159676.410:43): avc:  denied  { getattr } for  pid=4155 comm="Default" path="/home/loreley" dev=sda5 ino=8193 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1261159676.410:43): arch=c000003e syscall=4 success=yes exit=128 a0=216cfb0 a1=7fff2d3af220 a2=7fff2d3af220 a3=30b147e540 items=0 ppid=1321 pid=4155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="Default" exe="/bin/bash" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-56.fc12,file,Default,xdm_t,file_t,dir,getattr
audit2allow suggests:

#============= xdm_t ==============
allow xdm_t file_t:dir getattr;
Comment 1 Daniel Walsh 2009-12-18 20:49:59 UTC 

*** This bug has been marked as a duplicate of bug 537613 ***
Note You need to log in before you can comment on or make changes to this bug.