Bug 565729 - SELinux is preventing access to files with the label, file_t.
Summary: SELinux is preventing access to files with the label, file_t.
Keywords:
Status: CLOSED DUPLICATE of bug 538428
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:be7a4f06c0b...
Depends On:
Blocks:
 
Reported: 2010-02-16 04:47 UTC by Weonjong Lee
Modified: 2010-02-25 12:53 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-02-16 11:55:22 UTC
Type: ---
Embargoed:



Description Weonjong Lee 2010-02-16 04:47:33 UTC
Summary:

SELinux is preventing access to files with the label, file_t.

Detailed Description:

SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever be
labeled file_t. If you have just added a new disk drive to the system you can
relabel it using the restorecon command. Otherwise you should relabel the entire
file system.

Allowing Access:

You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:file_t:s0
Target Objects                ./.xsession-errors [ file ]
Source                        gdm-session-wor
Source Path                   /usr/libexec/gdm-session-worker
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           gdm-2.22.0-1.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-42.fc9
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   file
Host Name                     (removed)
Platform                      Linux (removed) 2.6.25-14.fc9.x86_64 #1 SMP
                              Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Mon 17 Nov 2008 04:18:28 PM
Last Seen                     Mon 17 Nov 2008 04:18:28 PM
Local ID                      2753bac2-9d94-418b-9ba1-a07a52acf422
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1226906308.884:16): avc:  denied  { read append } for  pid=2434 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=11337740 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1226906308.884:16): arch=c000003e syscall=2 success=no exit=-13 a0=1228690 a1=442 a2=180 a3=a0 items=0 ppid=2355 pid=2434 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  file,gdm-session-wor,xdm_t,file_t,file,read,append
audit2allow suggests:

#============= xdm_t ==============
allow xdm_t file_t:file { read append };

Comment 1 Miroslav Grepl 2010-02-16 11:55:22 UTC

*** This bug has been marked as a duplicate of bug 538428 ***
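
A triage sketch for the denial reported above, added here as an example and not part of the bug report or of setroubleshoot: it parses AVC records and separates denials whose target is unlabeled (`file_t`) from ordinary policy denials, so the first kind is handled by relabeling rather than by the rule audit2allow suggests. The function names, the inclusion of `unlabeled_t`, and the second sample line are assumptions made for illustration.

```python
import re

# Types the kernel reports for objects with no usable on-disk label.
# file_t is the type on this page; unlabeled_t is included as an assumption.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Line 1: the AVC record from the report. Line 2: constructed.
# Line 3: the report's SYSCALL record, abbreviated.
SAMPLE_LOG = [
    'node=(removed) type=AVC msg=audit(1226906308.884:16): avc:  denied  { read append } for  pid=2434 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=11337740 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file',
    'type=AVC msg=audit(1226906400.100:20): avc:  denied  { read } for  pid=3001 comm="httpd" name="index.html" dev=sda5 ino=42 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'node=(removed) type=SYSCALL msg=audit(1226906308.884:16): arch=c000003e syscall=2 success=no exit=-13 comm="gdm-session-wor"',
]


def _type_of(context):
    """A context is user:role:type[:level]; return the type or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial into a dict; return None for any other record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    rec["source_type"] = _type_of(rec.get("scontext", ""))
    rec["target_type"] = _type_of(rec.get("tcontext", ""))
    if rec["source_type"] is None or rec["target_type"] is None:
        return None
    return rec


def triage(line):
    """Return (action, detail): 'relabel' for unlabeled targets, else 'review'."""
    rec = parse_avc(line)
    if rec is None:
        return None
    if rec["target_type"] in UNLABELED_TYPES:
        # Missing label: restore the file's context, do not allow access to file_t.
        return ("relabel", f"{rec.get('name', '?')} on {rec.get('dev', '?')} is unlabeled")
    perms = " ".join(rec["perms"])
    return ("review", f"{rec['source_type']} -> {rec['target_type']}:{rec.get('tclass', '?')} {{ {perms} }}")
```
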

