Dear all,
I have done this before :
"touch /.autorelabel; reboot"
several days pass and I see this file_t again and I have to do "in quote" this again . What is file_t anyway? I do not know of any in my system.
Thanks,
Antonio
Summary:
SELinux is preventing access to files with the label, file_t.
Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire files system.
Allowing Access:
You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot"
Additional Information:
Source Context system_u:system_r:tmpreaper_t Target Context system_u:object_r:file_t Target Objects ./virtual-olivares.1dNZIJ [ dir ] Source tmpwatch Source Path /usr/sbin/tmpwatch Port <Unknown> Host localhost Source RPM Packages tmpwatch-2.9.13-2 Target RPM Packages Policy RPM selinux-policy-3.3.1-9.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name file Host Name localhost Platform Linux localhost 2.6.25-0.80.rc3.git2.fc9 #1 SMP Fri Feb 29 18:17:34 EST 2008 i686 athlon Alert Count 1 First Seen Mon 03 Mar 2008 10:01:18 AM CST Last Seen Mon 03 Mar 2008 10:01:18 AM CST Local ID 08676827-232c-4027-aa44-9431e45d6d53 Line Numbers
Raw Audit Messages
host=localhost type=AVC msg=audit(1204560078.2:50): avc: denied { rmdir } for pid=32386 comm="tmpwatch" name="virtual-olivares.1dNZIJ" dev=dm-0 ino=31391789 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
host=localhost type=SYSCALL msg=audit(1204560078.2:50): arch=40000003 syscall=40 success=no exit=-13 a0=960ec33 a1=28 a2=960f1a0 a3=960ec33 items=0 ppid=32384 pid=32386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)
____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
Dear all,
I have done this before :
"touch /.autorelabel; reboot"
several days pass and I see this file_t again and I have to do "in quote" this again . What is file_t anyway? I do not know of any in my system.
Thanks,
Antonio
Summary:
SELinux is preventing access to files with the label, file_t.
Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire files system.
Allowing Access:
You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot"
Additional Information:
Source Context system_u:system_r:tmpreaper_t Target Context system_u:object_r:file_t Target Objects ./virtual-olivares.1dNZIJ [ dir ] Source tmpwatch Source Path /usr/sbin/tmpwatch Port <Unknown> Host localhost Source RPM Packages tmpwatch-2.9.13-2 Target RPM Packages Policy RPM selinux-policy-3.3.1-9.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name file Host Name localhost Platform Linux localhost 2.6.25-0.80.rc3.git2.fc9 #1 SMP Fri Feb 29 18:17:34 EST 2008 i686 athlon Alert Count 1 First Seen Mon 03 Mar 2008 10:01:18 AM CST Last Seen Mon 03 Mar 2008 10:01:18 AM CST Local ID 08676827-232c-4027-aa44-9431e45d6d53 Line Numbers
Raw Audit Messages
host=localhost type=AVC msg=audit(1204560078.2:50): avc: denied { rmdir } for pid=32386 comm="tmpwatch" name="virtual-olivares.1dNZIJ" dev=dm-0 ino=31391789 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
host=localhost type=SYSCALL msg=audit(1204560078.2:50): arch=40000003 syscall=40 success=no exit=-13 a0=960ec33 a1=28 a2=960f1a0 a3=960ec33 items=0 ppid=32384 pid=32386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)
____________________________________________________________________________________Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
File_t is an unlabeled file. The kernel looks at the extended attributes of a file for its file context, if none are found it reports it as file_t. The only way you should be able to get a file_t is if you put in an unlabeled file system and moved the file over. This should not happen ordinarily. Also you can fix the file labels with a restorecon/chcon call rather then a full relabel, or you can just delete the file.
Is this file being created from a virtual machine? How is this file getting there?
--- Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
Dear all,
I have done this before :
"touch /.autorelabel; reboot"
several days pass and I see this file_t again and
I
have to do "in quote" this again . What is file_t anyway? I do not know of any in my system.
Thanks,
Antonio
Summary:
SELinux is preventing access to files with the
label,
file_t.
Detailed Description:
SELinux permission checks on files labeled file_t
are
being denied. file_t is the context the SELinux kernel gives to files that
do
not have a label. This indicates a serious labeling problem. No files on
an
SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise
you
should relabel the entire files system.
Allowing Access:
You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot"
Additional Information:
Source Context system_u:system_r:tmpreaper_t Target Context
system_u:object_r:file_t
Target Objects ./virtual-olivares.1dNZIJ [ dir ] Source tmpwatch Source Path /usr/sbin/tmpwatch Port <Unknown> Host localhost Source RPM Packages tmpwatch-2.9.13-2 Target RPM Packages Policy RPM selinux-policy-3.3.1-9.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name file Host Name localhost Platform Linux localhost 2.6.25-0.80.rc3.git2.fc9 #1 SMP Fri Feb 29 18:17:34
EST
2008 i686 athlon Alert Count 1 First Seen Mon 03 Mar 2008
10:01:18
AM CST Last Seen Mon 03 Mar 2008
10:01:18
AM CST Local ID 08676827-232c-4027-aa44-9431e45d6d53 Line Numbers
Raw Audit Messages
host=localhost type=AVC
msg=audit(1204560078.2:50):
avc: denied { rmdir } for pid=32386
comm="tmpwatch"
name="virtual-olivares.1dNZIJ" dev=dm-0
ino=31391789
scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
host=localhost type=SYSCALL msg=audit(1204560078.2:50): arch=40000003
syscall=40
success=no exit=-13 a0=960ec33 a1=28 a2=960f1a0 a3=960ec33 items=0 ppid=32384 pid=32386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
File_t is an unlabeled file. The kernel looks at the extended attributes of a file for its file context, if none are found it reports it as file_t. The only way you should be able to get a file_t is if you put in an unlabeled file system and moved the file over. This should not happen ordinarily. Also you can fix the file labels with a restorecon/chcon call rather then a full relabel, or you can just delete the file.
Is this file being created from a virtual machine? How is this file getting there?
I do not know, It might have happened when I copied a dvd. I have done this plenty of times before. touch ./autorelabel reboot and this file comes back to haunt me :(
I will do it again for the sake of it. If it comes back again, I will submit another complaint against it.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfNW6QACgkQrlYvE4MpobPzUACfT2F2yntWpqzYgHfWZY2CDAwB
piIAnihXDsWWR9lHmsQ0zkgJMVCCYq/y =D9f5 -----END PGP SIGNATURE-----
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Antonio Olivares wrote:
SELinux is preventing access to files with the
label,
file_t.
Is this file being created from a virtual machine? How is this file getting there?
In my case it is definitely not a virtual machine (I'm not running any on that box), but I'm seeing the same thing happen with a variety of files in /tmp. They all seem to be session data files of some type.
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running folding at home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled file_t.
This list is about a third of the denials I've seen pop up just this morning. I've seen this occurring for several days (if not more than a week) just have not dealt with it yet. The issue is probably not a very recent change. I've had several relabels, new kernels, and new policy while seeing this same issue, many denials to /usr/bin/tmpwatch for file_t.
Andrew Farris wrote:
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running folding at home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled file_t.
Most of these are older files and directories as well. Is autorelabel *not* clearing out tmp when it labels? I wonder if it is failing to apply any label to these at that time?
Andrew Farris lordmorgul@gmail.com www.lordmorgul.net gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3 No one now has, and no one will ever again get, the big picture. - Daniel Geer ---- ----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andrew Farris wrote:
Andrew Farris wrote:
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running folding at home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled file_t.
Most of these are older files and directories as well. Is autorelabel *not* clearing out tmp when it labels? I wonder if it is failing to apply any label to these at that time?
Yes autorelabel does not touch /tmp, you have to remove them manually.
I am wondering if I should allow tmpwatch to handle file_t.
Andrew Farris lordmorgul@gmail.com www.lordmorgul.net gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3 No one now has, and no one will ever again get, the big picture. - Daniel Geer
Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andrew Farris wrote:
Andrew Farris wrote:
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running folding at home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled file_t.
Most of these are older files and directories as well. Is autorelabel *not* clearing out tmp when it labels? I wonder if it is failing to apply any label to these at that time?
Yes autorelabel does not touch /tmp, you have to remove them manually.
I am wondering if I should allow tmpwatch to handle file_t.
I'll look into whether they are getting created fresh with file_t or are just old. If they are only from prior logins perhaps tmpwatch does not need access to them, but should just be dontaudited for that case and keep restricting access to them.
--- Andrew Farris lordmorgul@gmail.com wrote:
Antonio Olivares wrote:
SELinux is preventing access to files with the
label,
file_t.
Is this file being created from a virtual
machine?
How is this file getting there?
In my case it is definitely not a virtual machine (I'm not running any on that box), but I'm seeing the same thing happen with a variety of files in /tmp. They all seem to be session data files of some type.
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running folding at home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled file_t.
This list is about a third of the denials I've seen pop up just this morning. I've seen this occurring for several days (if not more than a week) just have not dealt with it yet. The issue is probably not a very recent change. I've had several relabels, new kernels, and new policy while seeing this same issue, many denials to /usr/bin/tmpwatch for file_t.
-- Andrew Farris lordmorgul@gmail.com www.lordmorgul.net gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3 No one now has, and no one will ever again get, the big picture. - Daniel Geer
------ fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
Great to hear that Andrew, I thought I was the only one experiencing this kind of denials with the file_t. I have done touch ./autorelabel; reboot several times already and that is why I submit the setroubleshoot complaints.
Regards,
Antonio
____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
--- Andrew Farris lordmorgul@gmail.com wrote:
Antonio Olivares wrote:
SELinux is preventing access to files with the
label,
file_t.
Is this file being created from a virtual
machine?
How is this file getting there?
In my case it is definitely not a virtual machine (I'm not running any on that box), but I'm seeing the same thing happen with a variety of files in /tmp. They all seem to be session data files of some type.
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running folding at home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled file_t.
This list is about a third of the denials I've seen pop up just this morning. I've seen this occurring for several days (if not more than a week) just have not dealt with it yet. The issue is probably not a very recent change. I've had several relabels, new kernels, and new policy while seeing this same issue, many denials to /usr/bin/tmpwatch for file_t.
-- Andrew Farris lordmorgul@gmail.com www.lordmorgul.net gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3 No one now has, and no one will ever again get, the big picture. - Daniel Geer
------ fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
Great to hear that Andrew, I thought I was the only one experiencing this kind of denials with the file_t. I have done touch ./autorelabel; reboot several times already and that is why I submit the setroubleshoot complaints.
Regards,
Antonio
____________________________________________________________________________________Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
Can you just delete these files from /tmp/
They may have been there before the relabel.
restorecon and fixfiles do not touch certain directories /tmp being one of them.
--- Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
--- Andrew Farris lordmorgul@gmail.com wrote:
Antonio Olivares wrote:
SELinux is preventing access to files with the
label,
file_t.
Is this file being created from a virtual
machine?
How is this file getting there?
In my case it is definitely not a virtual machine (I'm not running any on that box), but I'm seeing the same thing happen with a variety of files in /tmp. They all seem to be session data files of some
type.
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running folding
at
home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled file_t.
This list is about a third of the denials I've
seen
pop up just this morning. I've seen this occurring for several days (if not more than a week) just have not dealt with it yet. The issue is probably not
a
very recent change. I've had several relabels, new kernels, and new policy while seeing this same issue, many denials to /usr/bin/tmpwatch for file_t.
-- Andrew Farris lordmorgul@gmail.com www.lordmorgul.net gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3 No one now has, and no one will ever again get,
the
big picture. - Daniel Geer
------ fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
Great to hear that Andrew, I thought I was the
only
one experiencing this kind of denials with the
file_t.
I have done touch ./autorelabel; reboot several
times
already and that is why I submit the
setroubleshoot
complaints.
Regards,
Antonio
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
Can you just delete these files from /tmp/
They may have been there before the relabel.
restorecon and fixfiles do not touch certain directories /tmp being one of them.
Do I remove everything from /tmp/?
Is there a nice script that can do the job?
Thanks,
Antonio
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfNu4MACgkQrlYvE4MpobObeQCgnNaaSY23kdHIRx9BWsLHe+YX
PrcAn3AZslkmVE/YB6VKH1x1Aupr/xAF =ntpr -----END PGP SIGNATURE-----
-- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
--- Daniel J Walsh dwalsh@redhat.com wrote:
Antonio Olivares wrote:
--- Andrew Farris lordmorgul@gmail.com wrote:
Antonio Olivares wrote:
>> SELinux is preventing access to files with the > label, >> file_t. > Is this file being created from a virtual
machine?
> How is this file > getting there?
In my case it is definitely not a virtual machine (I'm not running any on that box), but I'm seeing the same thing happen with a variety of files in /tmp. They all seem to be session data files of some
type.
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running folding
at
home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled file_t.
This list is about a third of the denials I've
seen
pop up just this morning. I've seen this occurring for several days (if not more than a week) just have not dealt with it yet. The issue is probably not
a
very recent change. I've had several relabels, new kernels, and new policy while seeing this same issue, many denials to /usr/bin/tmpwatch for file_t.
-- Andrew Farris lordmorgul@gmail.com www.lordmorgul.net gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3 No one now has, and no one will ever again get,
the
big picture. - Daniel Geer
------ fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
Great to hear that Andrew, I thought I was the
only
one experiencing this kind of denials with the
file_t.
I have done touch ./autorelabel; reboot several
times
already and that is why I submit the
setroubleshoot
complaints.
Regards,
Antonio
Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
Can you just delete these files from /tmp/
They may have been there before the relabel.
restorecon and fixfiles do not touch certain directories /tmp being one of them.
Do I remove everything from /tmp/?
Is there a nice script that can do the job?
I use tmpfs for /tmp. So mine dissapears every time I reboot.
rm -rf /tmp/* rm -rf /tmp/.??*
Should get rid of almost everything.
Thanks,
Antonio
- -- fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
____________________________________________________________________________________Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
--- Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
--- Daniel J Walsh dwalsh@redhat.com wrote:
Antonio Olivares wrote:
--- Andrew Farris lordmorgul@gmail.com wrote:
Antonio Olivares wrote: >>> SELinux is preventing access to files with
the
>> label, >>> file_t. >> Is this file being created from a virtual machine? >> How is this file >> getting there? In my case it is definitely not a virtual
machine
(I'm not running any on that box), but I'm seeing the same thing happen
with a
variety of files in /tmp. They all seem to be session data files of some
type.
I have hundreds of denials that happened with gconfd-2 a few days ago (socket files in tmp mostly). Now I see many of these accesses prevented to file_t.
Files such as: ./keyring-vaxTjg /tmp/fahcore-iolock.txt <- I'm running
folding
at
home, it is doing that ./kdecache-lordmorgul /tmp/pulse-lordmorgul/pid /tmp/banshee-NDesk.DBus.Bus.txt /tmp/gnome-system-monitor.lordmorgul.777456431 ./virtual-lordmorgul.4FvBXq ./.esd-500 ./fah ./virtual-lordmorgul.xxxxx/
And more. These are all accesses denied to /usr/sbin/tmpwatch, files (normal and sockets) and directories all labeled
file_t.
This list is about a third of the denials I've
seen
pop up just this morning. I've seen this occurring for several days (if
not
more than a week) just have not dealt with it yet. The issue is probably
not
a
very recent change. I've had several relabels, new kernels, and new
policy
while seeing this same issue, many denials to /usr/bin/tmpwatch for file_t.
-- Andrew Farris lordmorgul@gmail.com www.lordmorgul.net gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27
40DF
707E A2E0 F0F6 E622 C99B 1DF3 No one now has, and no one will ever again
get,
the
big picture. - Daniel Geer
------ fedora-test-list mailing list fedora-test-list@redhat.com To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
Great to hear that Andrew, I thought I was the
only
one experiencing this kind of denials with the
file_t.
I have done touch ./autorelabel; reboot
several
times
already and that is why I submit the
setroubleshoot
complaints.
Regards,
Antonio
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
Can you just delete these files from /tmp/
They may have been there before the relabel.
restorecon and fixfiles do not touch certain directories /tmp being one of them.
Do I remove everything from /tmp/?
Is there a nice script that can do the job?
I use tmpfs for /tmp. So mine dissapears every time I reboot.
rm -rf /tmp/* rm -rf /tmp/.??*
Should get rid of almost everything.
Thanks,
Before I do that, there are some weird files
[olivares@localhost ~]$ ls /tmp/ -l total 348 drwx------ 2 gdm gdm 4096 2008-03-04 10:49 gconfd-gdm drwx------ 3 olivares olivares 4096 2008-03-04 11:04 gconfd-olivares drwx------ 2 root root 4096 2008-03-04 15:13 gconfd-root drwxr-xr-x 2 olivares olivares 4096 2008-03-04 15:12 hsperfdata_olivares srwx------ 1 olivares olivares 0 2007-05-30 17:15 jpsock.160_01.3063 drwx------ 2 olivares olivares 4096 2008-03-04 11:04 keyring-3YpHWB drwx------ 2 olivares olivares 4096 2007-08-21 17:50 keyring-98YPsV drwx------ 2 student student 4096 2007-10-04 07:44 keyring-9cnsqN drwx------ 2 olivares olivares 4096 2008-01-07 10:31 keyring-gATNwh drwx------ 2 olivares olivares 4096 2007-04-30 09:16 keyring-nvojTj drwx------ 2 olivares olivares 4096 2008-03-04 12:55 ksocket-olivares7bWMhJ srwxrwxr-x 1 olivares olivares 0 2008-01-21 14:34 mapping-olivares srwxr-xr-x 1 root root 0 2008-01-11 07:25 mapping-root srwxrwxr-x 1 student student 0 2007-12-05 19:27 mapping-student drwx------ 2 olivares olivares 4096 2008-03-04 16:10 orbit-olivares drwx------ 2 root root 4096 2008-03-04 15:13 orbit-root srwxr-xr-x 1 root root 0 2007-12-04 08:11 OSL_PIPE_0_2bd020fe1587dc999ece75f37f2ff4053b66fda170866d8b66cc89b9ad618d drwx------ 2 olivares olivares 4096 2008-03-04 11:04 pulse-olivares srwxrwxr-x 1 olivares olivares 0 2007-12-04 07:32 sound-juicer.olivares.2013114191 drwx------ 2 olivares olivares 4096 2008-03-04 11:04 ssh-AeyUZg2591 drwx------ 2 olivares olivares 4096 2008-02-25 06:41 virtual-olivares.0IrJXJ drwx------ 2 olivares olivares 4096 2008-02-25 20:04 virtual-olivares.0IsbF2 drwx------ 2 olivares olivares 4096 2007-12-17 19:43 virtual-olivares.1dNZIJ drwx------ 2 olivares olivares 4096 2008-03-03 15:57 virtual-olivares.60DrNY drwx------ 2 olivares olivares 4096 2008-02-28 07:05 virtual-olivares.7Eg67N drwx------ 2 olivares olivares 4096 2008-03-04 11:04 virtual-olivares.7S43Ml drwx------ 2 olivares olivares 4096 2008-02-29 08:42 virtual-olivares.BbWGxV drwx------ 2 olivares olivares 4096 2008-02-27 13:01 virtual-olivares.cRrDgh drwx------ 2 olivares olivares 4096 2008-02-28 08:46 virtual-olivares.DErTwi drwx------ 2 olivares olivares 4096 2008-02-29 07:13 virtual-olivares.FsTki9 drwx------ 2 olivares olivares 4096 2008-02-26 06:54 virtual-olivares.G2sbHC drwx------ 2 olivares olivares 4096 2008-02-25 06:42 virtual-olivares.glOezL drwx------ 2 olivares olivares 4096 2008-02-27 13:00 virtual-olivares.hkTtsA drwx------ 2 olivares olivares 4096 2008-02-25 07:22 virtual-olivares.JraxKG drwx------ 2 olivares olivares 4096 2008-03-03 19:52 virtual-olivares.JZpc0I drwx------ 2 olivares olivares 4096 2008-02-23 13:06 virtual-olivares.OmUC1A drwx------ 2 olivares olivares 4096 2008-02-28 13:57 virtual-olivares.oSpn4q drwx------ 2 olivares olivares 4096 2007-12-18 06:49 virtual-olivares.p28akz drwx------ 2 olivares olivares 4096 2008-02-23 13:07 virtual-olivares.RhlZSn drwx------ 2 olivares olivares 4096 2008-02-28 06:44 virtual-olivares.s23xtq drwx------ 2 olivares olivares 4096 2008-03-04 08:16 virtual-olivares.s7oLmz drwx------ 2 olivares olivares 4096 2008-02-25 20:08 virtual-olivares.v3OWZp drwx------ 2 olivares olivares 4096 2008-03-03 07:40 virtual-olivares.vqBGWb drwx------ 2 olivares olivares 4096 2008-03-04 08:20 virtual-olivares.VV5Brr drwx------ 2 olivares olivares 4096 2008-02-25 07:23 virtual-olivares.wIcOer drwx------ 2 olivares olivares 4096 2008-02-28 07:06 virtual-olivares.WRWIoq drwx------ 2 olivares olivares 4096 2007-12-14 19:20 virtual-olivares.y45zjf drwx------ 2 olivares olivares 4096 2008-02-25 07:24 virtual-olivares.ytSiIX
Are these files important?
How do I use tmpfs for /tmp ?
I have heard of it, but never understood how it work(s)(ed)
Regards,
Antonio
____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
--- Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
--- Daniel J Walsh dwalsh@redhat.com wrote:
Antonio Olivares wrote:
--- Andrew Farris lordmorgul@gmail.com wrote:
> Antonio Olivares wrote: >>>> SELinux is preventing access to files with
the
>>> label, >>>> file_t. >>> Is this file being created from a virtual > machine? >>> How is this file >>> getting there? > In my case it is definitely not a virtual
machine
> (I'm not running any on that > box), but I'm seeing the same thing happen
with a
> variety of files in /tmp. > They all seem to be session data files of some
type.
> I have hundreds of denials that happened with > gconfd-2 a few days ago (socket > files in tmp mostly). Now I see many of these > accesses prevented to file_t. > > Files such as: > ./keyring-vaxTjg > /tmp/fahcore-iolock.txt <- I'm running
folding
at
> home, it is doing that > ./kdecache-lordmorgul > /tmp/pulse-lordmorgul/pid > /tmp/banshee-NDesk.DBus.Bus.txt > /tmp/gnome-system-monitor.lordmorgul.777456431 > ./virtual-lordmorgul.4FvBXq > ./.esd-500 > ./fah > ./virtual-lordmorgul.xxxxx/ > > And more. These are all accesses denied to > /usr/sbin/tmpwatch, files (normal > and sockets) and directories all labeled
file_t.
> This list is about a third of the denials I've
seen
> pop up just this morning. > I've seen this occurring for several days (if
not
> more than a week) just have > not dealt with it yet. The issue is probably
not
a
> very recent change. I've > had several relabels, new kernels, and new
policy
> while seeing this same issue, > many denials to /usr/bin/tmpwatch for file_t. > > -- > Andrew Farris lordmorgul@gmail.com > www.lordmorgul.net > gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27
40DF
> 707E A2E0 F0F6 E622 C99B 1DF3 > No one now has, and no one will ever again
get,
the
> big picture. - Daniel Geer > ----
> ---- > > -- > fedora-test-list mailing list > fedora-test-list@redhat.com > To unsubscribe: >
https://www.redhat.com/mailman/listinfo/fedora-test-list
Great to hear that Andrew, I thought I was the
only
one experiencing this kind of denials with the
file_t.
I have done touch ./autorelabel; reboot
several
times
already and that is why I submit the
setroubleshoot
complaints.
Regards,
Antonio
Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
Can you just delete these files from /tmp/
They may have been there before the relabel.
restorecon and fixfiles do not touch certain directories /tmp being one of them.
Do I remove everything from /tmp/? Is there a nice script that can do the job?
I use tmpfs for /tmp. So mine dissapears every time I reboot.
rm -rf /tmp/* rm -rf /tmp/.??*
Should get rid of almost everything.
Thanks,
Before I do that, there are some weird files
[olivares@localhost ~]$ ls /tmp/ -l total 348 drwx------ 2 gdm gdm 4096 2008-03-04 10:49 gconfd-gdm drwx------ 3 olivares olivares 4096 2008-03-04 11:04 gconfd-olivares drwx------ 2 root root 4096 2008-03-04 15:13 gconfd-root drwxr-xr-x 2 olivares olivares 4096 2008-03-04 15:12 hsperfdata_olivares srwx------ 1 olivares olivares 0 2007-05-30 17:15 jpsock.160_01.3063 drwx------ 2 olivares olivares 4096 2008-03-04 11:04 keyring-3YpHWB drwx------ 2 olivares olivares 4096 2007-08-21 17:50 keyring-98YPsV drwx------ 2 student student 4096 2007-10-04 07:44 keyring-9cnsqN drwx------ 2 olivares olivares 4096 2008-01-07 10:31 keyring-gATNwh drwx------ 2 olivares olivares 4096 2007-04-30 09:16 keyring-nvojTj drwx------ 2 olivares olivares 4096 2008-03-04 12:55 ksocket-olivares7bWMhJ srwxrwxr-x 1 olivares olivares 0 2008-01-21 14:34 mapping-olivares srwxr-xr-x 1 root root 0 2008-01-11 07:25 mapping-root srwxrwxr-x 1 student student 0 2007-12-05 19:27 mapping-student drwx------ 2 olivares olivares 4096 2008-03-04 16:10 orbit-olivares drwx------ 2 root root 4096 2008-03-04 15:13 orbit-root srwxr-xr-x 1 root root 0 2007-12-04 08:11 OSL_PIPE_0_2bd020fe1587dc999ece75f37f2ff4053b66fda170866d8b66cc89b9ad618d drwx------ 2 olivares olivares 4096 2008-03-04 11:04 pulse-olivares srwxrwxr-x 1 olivares olivares 0 2007-12-04 07:32 sound-juicer.olivares.2013114191 drwx------ 2 olivares olivares 4096 2008-03-04 11:04 ssh-AeyUZg2591 drwx------ 2 olivares olivares 4096 2008-02-25 06:41 virtual-olivares.0IrJXJ drwx------ 2 olivares olivares 4096 2008-02-25 20:04 virtual-olivares.0IsbF2 drwx------ 2 olivares olivares 4096 2007-12-17 19:43 virtual-olivares.1dNZIJ drwx------ 2 olivares olivares 4096 2008-03-03 15:57 virtual-olivares.60DrNY drwx------ 2 olivares olivares 4096 2008-02-28 07:05 virtual-olivares.7Eg67N drwx------ 2 olivares olivares 4096 2008-03-04 11:04 virtual-olivares.7S43Ml drwx------ 2 olivares olivares 4096 2008-02-29 08:42 virtual-olivares.BbWGxV drwx------ 2 olivares olivares 4096 2008-02-27 13:01 virtual-olivares.cRrDgh drwx------ 2 olivares olivares 4096 2008-02-28 08:46 virtual-olivares.DErTwi drwx------ 2 olivares olivares 4096 2008-02-29 07:13 virtual-olivares.FsTki9 drwx------ 2 olivares olivares 4096 2008-02-26 06:54 virtual-olivares.G2sbHC drwx------ 2 olivares olivares 4096 2008-02-25 06:42 virtual-olivares.glOezL drwx------ 2 olivares olivares 4096 2008-02-27 13:00 virtual-olivares.hkTtsA drwx------ 2 olivares olivares 4096 2008-02-25 07:22 virtual-olivares.JraxKG drwx------ 2 olivares olivares 4096 2008-03-03 19:52 virtual-olivares.JZpc0I drwx------ 2 olivares olivares 4096 2008-02-23 13:06 virtual-olivares.OmUC1A drwx------ 2 olivares olivares 4096 2008-02-28 13:57 virtual-olivares.oSpn4q drwx------ 2 olivares olivares 4096 2007-12-18 06:49 virtual-olivares.p28akz drwx------ 2 olivares olivares 4096 2008-02-23 13:07 virtual-olivares.RhlZSn drwx------ 2 olivares olivares 4096 2008-02-28 06:44 virtual-olivares.s23xtq drwx------ 2 olivares olivares 4096 2008-03-04 08:16 virtual-olivares.s7oLmz drwx------ 2 olivares olivares 4096 2008-02-25 20:08 virtual-olivares.v3OWZp drwx------ 2 olivares olivares 4096 2008-03-03 07:40 virtual-olivares.vqBGWb drwx------ 2 olivares olivares 4096 2008-03-04 08:20 virtual-olivares.VV5Brr drwx------ 2 olivares olivares 4096 2008-02-25 07:23 virtual-olivares.wIcOer drwx------ 2 olivares olivares 4096 2008-02-28 07:06 virtual-olivares.WRWIoq drwx------ 2 olivares olivares 4096 2007-12-14 19:20 virtual-olivares.y45zjf drwx------ 2 olivares olivares 4096 2008-02-25 07:24 virtual-olivares.ytSiIX
Are these files important?
Well you will probably need a reboot after you delete the files. But if they are in /tmp they should be temporary.
But if you just want to get rid of the file_t files
The following will print the names
# find /tmp -context "*:file_t*"
This command will delete.
# find /tmp -context "*:file_t*" -exec rm {} ; -print
How do I use tmpfs for /tmp ?
grep /tmp /etc/fstab tmpfs /tmp tmpfs defaults 0 0
I have heard of it, but never understood how it work(s)(ed)
Regards,
Antonio
____________________________________________________________________________________Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
Are these files important?
Well you will probably need a reboot after you delete the files. But if they are in /tmp they should be temporary.
If you're in runlevel 3 without X running you should have problem at all deleting everything in /tmp and then just logging back in. I've regularly done that for a long time (although given our current issue.. maybe rebooting wouldn't hurt). I think the problem came from a change in the policy that did not end up fixing the labels in tmp and somehow they ended up with none?
--- Daniel J Walsh dwalsh@redhat.com wrote:
=== message truncated === Well you will probably need a reboot after you delete the files. But if they are in /tmp they should be temporary.
But if you just want to get rid of the file_t files
The following will print the names
# find /tmp -context "*:file_t*"
This command will delete.
# find /tmp -context "*:file_t*" -exec rm {} ; -print
How do I use tmpfs for /tmp ?
grep /tmp /etc/fstab tmpfs /tmp tmpfs defaults 0 0
=== message truncated ===
[root@localhost ~]# cat /etc/fstab /dev/VolGroup00/LogVol00 / ext3 defaults 1 1 LABEL=/boot /boot ext3 defaults 1 2 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/sda5 swap swap defaults 0 0 /dev/VolGroup00/LogVol01 swap swap defaults 0 0
[root@localhost ~]# find /tmp/ -content "*:file_t*" find: invalid predicate `-content' [root@localhost ~]# find /tmp/ -context "*:file_t*" /tmp/virtual-olivares.y45zjf /tmp/virtual-olivares.p28akz /tmp/virtual-olivares.1dNZIJ [root@localhost ~]# find /tmp/ -context "*:file_t*" -exec rm {} ; -print rm: cannot remove `/tmp/virtual-olivares.y45zjf': Is a directory rm: cannot remove `/tmp/virtual-olivares.p28akz': Is a directory rm: cannot remove `/tmp/virtual-olivares.1dNZIJ': Is a directory [root@localhost ~]# grep /tmp/ /etc/fstab [root@localhost ~]# rm -rf /tmp/* [root@localhost ~]# rm -rf /.??* [root@localhost ~]# find /tmp/ -context "*:file_t*" -exec rm {} ; -print
Done!
Hope the file does not come back :)
Thanks for helping out with file_t.
Regards,
Antonio
____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
On Tue, Mar 4, 2008 at 6:12 PM, Antonio Olivares olivares14031@yahoo.com wrote:
Hope the file does not come back :)
I went ahead and switched my setup to use tmpfs as well, and cleared out /tmp completely then logged back in. I have no problems with file_t in tmp yet, but I do in my home. Here is what showed up. I didn't realize the files I posted before were partially here in my home causing these denials.
Summary:
SELinux is preventing access to files with the label, file_t.
host=cirithungol type=AVC msg=audit(1204690113.416:341): avc: denied { read } for pid=16945 comm="npviewer.bin" name=".Xauthority" dev=sdb2 ino=3742 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file
host=cirithungol type=SYSCALL msg=audit(1204690113.416:341): arch=40000003 syscall=33 success=no exit=-13 a0=bfa3afb9 a1=4 a2=b1d9f0 a3=bfa3afb9 items=0 ppid=16931 pid=16945 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null)
Summary:
SELinux is preventing access to files with the label, file_t.
host=cirithungol type=AVC msg=audit(1204689737.53:325): avc: denied { read } for pid=16233 comm="ck-get-x11-serv" name=".Xauthority" dev=sdb2 ino=3742 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file
host=cirithungol type=SYSCALL msg=audit(1204689737.53:325): arch=40000003 syscall=33 success=no exit=-13 a0=bfd33fa6 a1=4 a2=b1d9f0 a3=bfd33fa6 items=0 ppid=16232 pid=16233 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
It turns out ~/.Xauthority is labeled file_t, so is ~/.xsession-errors. I've just deleted both and going to see if they get labeled right when I login again. These should be user_home_t I would assume...
'ls -lRz ~ | grep file_t' showed hundreds of files labeled file_t. Going to go relabel everything again and see if they persist.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Johann B. Gudmundsson wrote:
restorecon and fixfiles do not touch certain directories /tmp being one of them.
And the other ones being? Good to keep in the back of your head and on the wiki :) ..
Best regards Johann B.
grep '<none>' /etc/selinux/targeted/contexts/files/file_contexts /sys/.* <<none>> /tmp/.* <<none>> /mnt/[^/]*/.* <<none>> /proc/.* <<none>> /media/[^/]*/.* <<none>> /dev/pts(/.*)? <<none>> /var/tmp/.* <<none>> /usr/tmp/.* <<none>> /selinux/.* <<none>> /var/run/.*.*pid <<none>> /lost+found/.* <<none>> /var/spool/at/[^/]* -- <<none>> /tmp/.X11-unix/.* -s <<none>> /tmp/.ICE-unix/.* -s <<none>> /var/lost+found/.* <<none>> /usr/lost+found/.* <<none>> /tmp/lost+found/.* <<none>> /var/spool/cron/[^/]* -- <<none>> /var/run/screens?/S-[^/]+/.* <<none>> /var/spool/fcron/.* <<none>> /boot/lost+found/.* <<none>> /var/tmp/lost+found/.* <<none>> /usr/local/lost+found/.* <<none>> /var/lib/nfs/rpc_pipefs(/.*)? <<none>> /var/spool/cron/crontabs/.* -- <<none>> /sys -d <<none>> /proc -d <<none>> /selinux -d <<none>> /.journal <<none>> /var/.journal <<none>> /tmp/.journal <<none>> /usr/.journal <<none>> /boot/.journal <<none>> /usr/local/.journal <<none>>
-
"Jóhann B. Guðmundsson" -
Andrew Farris -
Antonio Olivares -
Daniel J Walsh