Zusammenfassung: SELinux is preventing /bin/cp "relabelfrom" access on /var/lib/misc/prelink.quick. Detaillierte Beschreibung: [cp hat einen zugelassenen Typ (prelink_cron_system_t). Dieser Zugriff wurde nicht verweigert.] SELinux denied access requested by cp. It is not expected that this access is required by cp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Zugriff erlauben: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Zusätzliche Informationen: Quellkontext system_u:system_r:prelink_cron_system_t:s0-s0:c0.c 1023 Zielkontext system_u:object_r:prelink_var_lib_t:s0 Zielobjekte /var/lib/misc/prelink.quick [ file ] Quelle cp Quellpfad /bin/cp Port <Unbekannt> Host (removed) RPM-Pakete der Quelle coreutils-7.6-7.fc12 RPM-Pakete des Ziels prelink-0.4.2-4.fc12 Richtlinien-RPM selinux-policy-3.6.32-55.fc12 SELinux aktiviert True Richtlinientyp targeted Enforcing-Modus Enforcing Plugin-Name catchall Rechnername (removed) Plattform Linux (removed) 2.6.31.6-166.fc12.i686.PAE #1 SMP Wed Dec 9 11:00:30 EST 2009 i686 athlon Anzahl der Alarme 2 Zuerst gesehen Mo 11 Jan 2010 21:12:11 CET Zuletzt gesehen Mo 11 Jan 2010 21:12:11 CET Lokale ID b2370218-62e6-4eee-82c5-fe5405b36537 Zeilennummern Raw-Audit-Meldungen node=(removed) type=AVC msg=audit(1263240731.631:26263): avc: denied { relabelfrom } for pid=5793 comm="cp" name="prelink.quick" dev=sda2 ino=187628 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_var_lib_t:s0 tclass=file node=(removed) type=AVC msg=audit(1263240731.631:26263): avc: denied { relabelto } for pid=5793 comm="cp" name="prelink.quick" dev=sda2 ino=187628 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:prelink_var_lib_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1263240731.631:26263): arch=40000003 syscall=228 success=yes exit=0 a0=5 a1=b7a9cd a2=9d7f498 a3=27 items=0 ppid=5786 pid=5793 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="cp" exe="/bin/cp" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,cp,prelink_cron_system_t,prelink_var_lib_t,file,relabelfrom audit2allow suggests: #============= prelink_cron_system_t ============== #!!!! This avc is allowed in the current policy allow prelink_cron_system_t prelink_var_lib_t:file { relabelfrom relabelto };
yum update
This error still shows in my F13 install.
Please attach the AVC information. ausearch -m avc -ts recent
Summary: SELinux is preventing /bin/cp "relabelfrom" access on /var/lib/prelink/quick. Detailed Description: SELinux denied access requested by cp. It is not expected that this access is required by cp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:prelink_cron_system_t:s0-s0:c0.c 1023 Target Context unconfined_u:object_r:prelink_var_lib_t:s0 Target Objects /var/lib/prelink/quick [ file ] Source cp Source Path /bin/cp Port <Unknown> Host bogomip.badmuts.org Source RPM Packages coreutils-8.4-8.fc13 Target RPM Packages prelink-0.4.3-3.fc13 Policy RPM selinux-policy-3.7.19-47.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name bogomip.badmuts.org Platform Linux bogomip.badmuts.org 2.6.33.6-147.2.4.fc13.x86_64 #1 SMP Fri Jul 23 17:14:44 UTC 2010 x86_64 x86_64 Alert Count 2 First Seen Wed 18 Aug 2010 03:07:54 PM CEST Last Seen Wed 18 Aug 2010 03:07:54 PM CEST Local ID 7727bf05-ffa3-4ceb-8c36-b619222b6701 Line Numbers Raw Audit Messages node=bogomip.badmuts.org type=AVC msg=audit(1282136874.53:25194): avc: denied { relabelfrom } for pid=9986 comm="cp" name="quick" dev=dm-0 ino=253311 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:prelink_var_lib_t:s0 tclass=file node=bogomip.badmuts.org type=SYSCALL msg=audit(1282136874.53:25194): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff6ef6a580 a2=17b5930 a3=2b items=0 ppid=9979 pid=9986 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="cp" exe="/bin/cp" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null) ausearch -m avc -ts recent outputs <no matches>
This is fixed in the latest F13 policy.