Re: SELinux denial - F12
On 12/27/2009 07:20 AM, Kurian Thayil wrote:
Hi,
Installed F12 and did a security update. Now, I get SELinux denial error.
SELinux currently in permissive mode.
Summary:
SELinux is preventing access to files with the label, file_t.
Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever
be
labeled file_t. If you have just added a new disk drive to the system you can
relabel it using the restorecon command. Otherwise you should relabel the
entire
file system.
Allowing Access:
You can execute the following command as root to relabel your computer system:
touch /.autorelabel; reboot
Additional Information:
Source Contextsystem_u:system_r:xdm_t:s0-s0:c0.c1023
Target Contextsystem_u:object_r:file_t:s0
Target Objects/home [ dir ]
Sourcegdm-simple-gree
Source Path /usr/libexec/gdm-simple-greeter
Port Unknown
Host home-desktop
Source RPM Packages gdm-2.28.1-24.fc12
Target RPM Packages filesystem-2.4.30-2.fc12
Policy RPMselinux-policy-3.6.32-41.fc12
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name file
Host Name home-desktop
Platform Linux home-desktop 2.6.31.5-127.fc12.i686.PAE #1
SMP Sat Nov 7 21:25:57 EST 2009 i686 i686
Alert Count 1
First SeenThu 24 Dec 2009 02:30:08 AM IST
Last Seen Thu 24 Dec 2009 02:30:08 AM IST
Local ID 6b1ff85c-05fe-4d37-945b-6cd2d54b92fa
Line Numbers
Raw Audit Messages
node=home-desktop type=AVC msg=audit(1261602008.595:11510): avc: denied {
search } for pid=1357 comm=gdm-simple-gree name=/ dev=sda2 ino=2
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir
node=home-desktop type=SYSCALL msg=audit(1261602008.595:11510): arch=4003
syscall=292 success=no exit=-13 a0=12 a1=8d6f400 a2=1002fce a3=8d6ec48
items=0
ppid=1325 pid=1357 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42
egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295 comm=gdm-simple-gree
exe=/usr/libexec/gdm-simple-greeter subj=system_u:system_r:xdm_t:s0-
s0:c0.c1023 key=(null)
Any idea why this happened after the update? What could be done to prevent
this. I am quite a newbie in SELinux scenario. Does, restorecon command fix
(restorecon /usr/libexec/gdm-simple-greeter)?
Files in your homedir are mis-labelled. The easiest way to fix it is to
You can execute the following command as root to relabel your computer system:
touch /.autorelabel; reboot
Andrew.
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: SELinux denial - F12
ha.. the answer was in the question itself then!!! thanks for pointing
it out.. i ll try tat..
On 12/27/09, Andrew Haley a...@redhat.com wrote:
On 12/27/2009 07:20 AM, Kurian Thayil wrote:
Hi,
Installed F12 and did a security update. Now, I get SELinux denial error.
SELinux currently in permissive mode.
Summary:
SELinux is preventing access to files with the label, file_t.
Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t
is
the context the SELinux kernel gives to files that do not have a label.
This
indicates a serious labeling problem. No files on an SELinux box should
ever be
labeled file_t. If you have just added a new disk drive to the system you
can
relabel it using the restorecon command. Otherwise you should relabel the
entire
file system.
Allowing Access:
You can execute the following command as root to relabel your computer
system:
touch /.autorelabel; reboot
Additional Information:
Source Contextsystem_u:system_r:xdm_t:s0-s0:c0.c1023
Target Contextsystem_u:object_r:file_t:s0
Target Objects/home [ dir ]
Sourcegdm-simple-gree
Source Path /usr/libexec/gdm-simple-greeter
Port Unknown
Host home-desktop
Source RPM Packages gdm-2.28.1-24.fc12
Target RPM Packages filesystem-2.4.30-2.fc12
Policy RPMselinux-policy-3.6.32-41.fc12
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name file
Host Name home-desktop
Platform Linux home-desktop
2.6.31.5-127.fc12.i686.PAE #1
SMP Sat Nov 7 21:25:57 EST 2009 i686 i686
Alert Count 1
First SeenThu 24 Dec 2009 02:30:08 AM IST
Last Seen Thu 24 Dec 2009 02:30:08 AM IST
Local ID 6b1ff85c-05fe-4d37-945b-6cd2d54b92fa
Line Numbers
Raw Audit Messages
node=home-desktop type=AVC msg=audit(1261602008.595:11510): avc: denied
{
search } for pid=1357 comm=gdm-simple-gree name=/ dev=sda2 ino=2
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir
node=home-desktop type=SYSCALL msg=audit(1261602008.595:11510):
arch=4003
syscall=292 success=no exit=-13 a0=12 a1=8d6f400 a2=1002fce a3=8d6ec48
items=0
ppid=1325 pid=1357 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42
egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295
comm=gdm-simple-gree
exe=/usr/libexec/gdm-simple-greeter subj=system_u:system_r:xdm_t:s0-
s0:c0.c1023 key=(null)
Any idea why this happened after the update? What could be done to prevent
this. I am quite a newbie in SELinux scenario. Does, restorecon command
fix
(restorecon /usr/libexec/gdm-simple-greeter)?
Files in your homedir are mis-labelled. The easiest way to fix it is to
You can execute the following command as root to relabel your computer
system:
touch /.autorelabel; reboot
Andrew.
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: SELinux denial - F12
Kurian Thayil wrote: Hi, Installed F12 and did a security update. Now, I get SELinux denial error. SELinux currently in permissive mode. Summary: SELinux is preventing access to files with the label, file_t. Detailed Description: SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire file system. Any idea why this happened after the update? What could be done to prevent this. I am quite a newbie in SELinux scenario. Does, restorecon command fix (restorecon /usr/libexec/gdm-simple-greeter)? See this: https://bugzilla.redhat.com/show_bug.cgi?id=549937 May be related, patch and workaround in the bug. -- Bill Davidsen david...@tmr.com We have more to fear from the bungling of the incompetent than from the machinations of the wicked. - from Slashdot -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
SELinux denial - F12
Hi,
Installed F12 and did a security update. Now, I get SELinux denial error.
SELinux currently in permissive mode.
Summary:
SELinux is preventing access to files with the label, file_t.
Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever be
labeled file_t. If you have just added a new disk drive to the system you can
relabel it using the restorecon command. Otherwise you should relabel the
entire
file system.
Allowing Access:
You can execute the following command as root to relabel your computer system:
touch /.autorelabel; reboot
Additional Information:
Source Contextsystem_u:system_r:xdm_t:s0-s0:c0.c1023
Target Contextsystem_u:object_r:file_t:s0
Target Objects/home [ dir ]
Sourcegdm-simple-gree
Source Path /usr/libexec/gdm-simple-greeter
Port Unknown
Host home-desktop
Source RPM Packages gdm-2.28.1-24.fc12
Target RPM Packages filesystem-2.4.30-2.fc12
Policy RPMselinux-policy-3.6.32-41.fc12
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing ModeEnforcing
Plugin Name file
Host Name home-desktop
Platform Linux home-desktop 2.6.31.5-127.fc12.i686.PAE #1
SMP Sat Nov 7 21:25:57 EST 2009 i686 i686
Alert Count 1
First SeenThu 24 Dec 2009 02:30:08 AM IST
Last Seen Thu 24 Dec 2009 02:30:08 AM IST
Local ID 6b1ff85c-05fe-4d37-945b-6cd2d54b92fa
Line Numbers
Raw Audit Messages
node=home-desktop type=AVC msg=audit(1261602008.595:11510): avc: denied {
search } for pid=1357 comm=gdm-simple-gree name=/ dev=sda2 ino=2
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir
node=home-desktop type=SYSCALL msg=audit(1261602008.595:11510): arch=4003
syscall=292 success=no exit=-13 a0=12 a1=8d6f400 a2=1002fce a3=8d6ec48 items=0
ppid=1325 pid=1357 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42
egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295 comm=gdm-simple-gree
exe=/usr/libexec/gdm-simple-greeter subj=system_u:system_r:xdm_t:s0-
s0:c0.c1023 key=(null)
Any idea why this happened after the update? What could be done to prevent
this. I am quite a newbie in SELinux scenario. Does, restorecon command fix
(restorecon /usr/libexec/gdm-simple-greeter)?
Regards,
Kurian Thayil.
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
