Hide Forgot
SELinux is preventing /usr/sbin/tmpwatch from 'read' accesses on the directory /. ***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow tmpwatch to have read access on the directory Then you need to change the label on / Do # semanage fcontext -a -t FILE_TYPE '/' where FILE_TYPE is one of the following: textrel_shlib_t, httpd_cache_t, sandbox_file_t, var_lib_t, user_home_type, kismet_log_t, var_run_t, rpm_var_cache_t, home_root_t, tmpreaper_t, print_spool_t, amavis_spool_t, sysctl_crypto_t, man_t, user_home_dir_t, abrt_t, lib_t, root_t, device_t, usr_t, locale_t, etc_t, tmpfile, device_t, etc_t. Then execute: restorecon -v '/' ***** Plugin catchall (17.1 confidence) suggests *************************** If you believe that tmpwatch should be allowed read access on the directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep tmpwatch /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 Target Context system_u:object_r:mnt_t:s0 Target Objects / [ dir ] Source tmpwatch Source Path /usr/sbin/tmpwatch Port <Unknown> Host (removed) Source RPM Packages tmpwatch-2.10.2-1.fc16 Target RPM Packages filesystem-2.4.41-1.fc16 Policy RPM selinux-policy-3.9.16-15.fc16 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.39-0.rc3.git2.0.fc16.x86_64 #1 SMP Wed Apr 13 17:32:09 UTC 2011 x86_64 x86_64 Alert Count 43 First Seen Fri 15 Apr 2011 12:39:01 PM EDT Last Seen Thu 21 Apr 2011 11:32:01 AM EDT Local ID 1de5d896-8815-4052-ba88-47cad1abf0dc Raw Audit Messages type=AVC msg=audit(1303399921.512:120): avc: denied { read } for pid=14563 comm="tmpwatch" name="/" dev=dm-0 ino=2 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mnt_t:s0 tclass=dir type=SYSCALL msg=audit(1303399921.512:120): arch=x86_64 syscall=open success=no exit=EACCES a0=40458b a1=0 a2=347bf98150 a3=0 items=0 ppid=14561 pid=14563 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm=tmpwatch exe=/usr/sbin/tmpwatch subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null) Hash: tmpwatch,tmpreaper_t,mnt_t,dir,read audit2allow #============= tmpreaper_t ============== allow tmpreaper_t mnt_t:dir read; audit2allow -R #============= tmpreaper_t ============== allow tmpreaper_t mnt_t:dir read;
Are you having tmpwatch watch the /mnt directory?
Not on purpose. This is a multi-boot test machine with numerous other distros and fedora versions. I mount them in /mnt as part of the install process of the instant distro. After that, they are primarily referred to and only occasionally modified.
Anything in /etc/cron.daily/tmpwatch that mentions mnt?
not that I can see.... sudo cat /etc/cron.daily/tmpwatch #! /bin/sh flags=-umc /usr/sbin/tmpwatch "$flags" -x /tmp/.X11-unix -x /tmp/.XIM-unix \ -x /tmp/.font-unix -x /tmp/.ICE-unix -x /tmp/.Test-unix \ -X '/tmp/hsperfdata_*' 10d /tmp /usr/sbin/tmpwatch "$flags" 30d /var/tmp for d in /var/{cache/man,catman}/{cat?,X11R6/cat?,local/cat?}; do if [ -d "$d" ]; then /usr/sbin/tmpwatch "$flags" -f 30d "$d" fi done
Would it be advisable to run the command recommended in the troubleshooter? #!/bin/bash for ft in textrel_shlib_t httpd_cache_t sandbox_file_t var_lib_t user_home_type kismet_log_t var_run_t rpm_var_cache_t home_root_t tmpreaper_t print_spool_t amavis_spool_t sysctl_crypto_t man_t user_home_dir_t abrt_t lib_t root_t device_t usr_t locale_t etc_t tmpfile device_t etc_t; do semanage fcontext -a -t $ft '/'; done
No. Has this happened again? Do you have special file systems mounted on /mnt or /media?
Yeah, number of occurrences at 106. Nothing in media. mnt has other distro root filesystems mounted in it, a seti at home partition and a vfat partition: $ df -ahT /mnt/* Filesystem Type Size Used Avail Use% Mounted on /dev/mapper/VolGroup00-fedora14 ext4 16G 5.2G 9.5G 36% /mnt/fedora14 /dev/mapper/VolGroup00-fedora15 ext4 16G 6.2G 8.5G 43% /mnt/fedora15 /dev/sdf6 ext3 2.0G 198M 1.7G 11% /mnt/seti /dev/sdf3 vfat 9.8G 75M 9.7G 1% /mnt/share /dev/mapper/VolGroup00-rawhide ext4 16G 6.4G 8.3G 44% / running in permissive mode.
Any chance you have symbolic links into these directories? Or bind mounts?
(In reply to comment #8) > Any chance you have symbolic links into these directories? Or bind mounts? No. However, there are symbolic links **within** the /mnt/fedora14 and /mnt/fedora15 directories
Lets see if auditing gives us better data. Can you turn on full auditing to see if we get a better path. # auditctl -W /etc/shadow -p w Next time you get this AVC see if it includes a PATH record.
(In reply to comment #10) > Lets see if auditing gives us better data. Can you turn on full auditing to > see if we get a better path. > > > # auditctl -W /etc/shadow -p w > > Next time you get this AVC see if it includes a PATH record. # auditctl -W /etc/shadow -p w Error sending delete rule data request (No such file or directory) Didn't work?
Sorry auditctl -w /etc/shadow -p w