Bug 562087 - SELinux is preventing the /usr/bin/python from using potentially mislabeled files (/root/.local).
Summary: SELinux is preventing the /usr/bin/python from using potentially mislabeled f...
Keywords:
Status: CLOSED DUPLICATE of bug 561031
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:bdfa0771ded...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-02-05 08:29 UTC by Fernando
Modified: 2010-02-05 08:56 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-02-05 08:56:27 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Fernando 2010-02-05 08:29:47 UTC 
Resumo:

SELinux is preventing the /usr/bin/python from using potentially mislabeled
files (/root/.local).

Descrição Detalhada:

SELinux has denied system-config-f access to potentially mislabeled file(s)
(/root/.local). This means that SELinux will not allow system-config-f to use
these files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.

A Permitir o Acesso:

If you want system-config-f to access this files, you need to relabel them using
restorecon -v '/root/.local'. You might want to relabel the entire directory
using restorecon -R -v '/root/.local'.

Informação Adicional:

Contexto de Origem            system_u:system_r:firewallgui_t:s0-s0:c0.c1023
Contexto de Destino           system_u:object_r:gconf_home_t:s0
Objectos de Destino           /root/.local [ dir ]
Fonte                         system-config-f
Caminho de Origem             /usr/bin/python
Porto                         <Desconhecida>
Máquina                      (removed)
Pacotes RPM Fonte             python-2.6.2-2.fc12
Pacotes RPM Destino           
RPM da Política              selinux-policy-3.6.32-78.fc12
Selinux Activo                True
Tipo de Política             targeted
MLS Activo                    True
Modo de Execução Forçada   Enforcing
Nome do Plugin                home_tmp_bad_labels
Nome da Máquina              (removed)
Plataforma                    Linux (removed) 2.6.31.5-127.fc12.x86_64 #1 SMP
                              Sat Nov 7 21:11:14 EST 2009 x86_64 x86_64
Contador de Alertas           1
Primeira Vez Visto            Sex 05 Fev 2010 08:26:05 WET
Última Vez Visto             Sex 05 Fev 2010 08:26:05 WET
ID Local                      2bb45fcb-fea9-4df6-bdbf-76017fb7044d
Números de Linha             

Mensagens de Auditoria em Bru 

node=(removed) type=AVC msg=audit(1265358365.721:25508): avc:  denied  { search } for  pid=28834 comm="system-config-f" name=".local" dev=sda2 ino=123588 scontext=system_u:system_r:firewallgui_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1265358365.721:25508): arch=c000003e syscall=4 success=no exit=-2 a0=d45550 a1=7fff8951e200 a2=7fff8951e200 a3=6b6361702d657469 items=0 ppid=28833 pid=28834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-config-f" exe="/usr/bin/python" subj=system_u:system_r:firewallgui_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-78.fc12,home_tmp_bad_labels,system-config-f,firewallgui_t,gconf_home_t,dir,search
audit2allow suggests:

#============= firewallgui_t ==============
allow firewallgui_t gconf_home_t:dir search;
Comment 1 Miroslav Grepl 2010-02-05 08:56:27 UTC 

*** This bug has been marked as a duplicate of bug 561031 ***
Note You need to log in before you can comment on or make changes to this bug.