Bug 624730 - SELinux is preventing /usr/libexec/mission-control-5 "write" access on .mc_connections.
Summary: SELinux is preventing /usr/libexec/mission-control-5 "write" access on ....
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:2bc4e6913aa...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-17 15:29 UTC by Matěj Cepl
Modified: 2018-04-11 18:10 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-08-19 10:02:23 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Matěj Cepl 2010-08-17 15:29:51 UTC
Souhrn:

SELinux is preventing /usr/libexec/mission-control-5 "write" access on
.mc_connections.

Podrobný popis:

SELinux denied access requested by mission-control. It is not expected that this
access is required by mission-control and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Povolení přístupu:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Další informace:

Kontext zdroje                unconfined_u:unconfined_r:telepathy_mission_contro
                              l_t:s0-s0:c0.c1023
Kontext cíle                 staff_u:object_r:cache_home_t:s0
Objekty cíle                 .mc_connections [ file ]
Zdroj                         mission-control
Cesta zdroje                  /usr/libexec/mission-control-5
Port                          <Neznámé>
Počítač                    (removed)
RPM balíčky zdroje          telepathy-mission-control-5.4.3-1.fc14
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.8.8-10.fc14
Selinux povolen               True
Typ politiky                  targeted
Vynucovací režim            Enforcing
Název zásuvného modulu     catchall
Název počítače            (removed)
Platforma                     Linux jakoubek 2.6.35-0.57.rc6.git1.fc14.x86_64 #1
                              SMP Mon Jul 26 22:43:02 UTC 2010 x86_64 x86_64
Počet upozornění           32
Poprvé viděno               Út 17. srpen 2010, 10:33:11 EDT
Naposledy viděno             Út 17. srpen 2010, 10:44:06 EDT
Místní ID                   05b1cb6c-4426-4a55-893c-08e536ba1f75
Čísla řádků              

Původní zprávy auditu      

node=(removed) type=AVC msg=audit(1282056246.50:845): avc:  denied  { write } for  pid=3042 comm="mission-control" name=".mc_connections" dev=dm-9 ino=1186741 scontext=unconfined_u:unconfined_r:telepathy_mission_control_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1282056246.50:845): arch=c000003e syscall=2 success=no exit=-13 a0=cd6fb0 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=3042 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="mission-control" exe="/usr/libexec/mission-control-5" subj=unconfined_u:unconfined_r:telepathy_mission_control_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  catchall,mission-control,telepathy_mission_control_t,cache_home_t,file,write
audit2allow suggests:

#============= telepathy_mission_control_t ==============
#!!!! This avc is allowed in the current policy

allow telepathy_mission_control_t cache_home_t:file write;

Comment 1 Daniel Walsh 2010-08-19 10:02:23 UTC
restorecon -R -v ~/.cache

Should fix.


Note You need to log in before you can comment on or make changes to this bug.