Re: SELinux denial - F12
On 12/27/2009 07:20 AM, Kurian Thayil wrote: Hi, Installed F12 and did a security update. Now, I get SELinux denial error. SELinux currently in permissive mode. Summary: SELinux is preventing access to files with the label, file_t. Detailed Description: SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire file system. Allowing Access: You can execute the following command as root to relabel your computer system: touch /.autorelabel; reboot Additional Information: Source Contextsystem_u:system_r:xdm_t:s0-s0:c0.c1023 Target Contextsystem_u:object_r:file_t:s0 Target Objects/home [ dir ] Sourcegdm-simple-gree Source Path /usr/libexec/gdm-simple-greeter Port Unknown Host home-desktop Source RPM Packages gdm-2.28.1-24.fc12 Target RPM Packages filesystem-2.4.30-2.fc12 Policy RPMselinux-policy-3.6.32-41.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing ModeEnforcing Plugin Name file Host Name home-desktop Platform Linux home-desktop 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686 i686 Alert Count 1 First SeenThu 24 Dec 2009 02:30:08 AM IST Last Seen Thu 24 Dec 2009 02:30:08 AM IST Local ID 6b1ff85c-05fe-4d37-945b-6cd2d54b92fa Line Numbers Raw Audit Messages node=home-desktop type=AVC msg=audit(1261602008.595:11510): avc: denied { search } for pid=1357 comm=gdm-simple-gree name=/ dev=sda2 ino=2 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir node=home-desktop type=SYSCALL msg=audit(1261602008.595:11510): arch=4003 syscall=292 success=no exit=-13 a0=12 a1=8d6f400 a2=1002fce a3=8d6ec48 items=0 ppid=1325 pid=1357 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42 egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295 comm=gdm-simple-gree exe=/usr/libexec/gdm-simple-greeter subj=system_u:system_r:xdm_t:s0- s0:c0.c1023 key=(null) Any idea why this happened after the update? What could be done to prevent this. I am quite a newbie in SELinux scenario. Does, restorecon command fix (restorecon /usr/libexec/gdm-simple-greeter)? Files in your homedir are mis-labelled. The easiest way to fix it is to You can execute the following command as root to relabel your computer system: touch /.autorelabel; reboot Andrew. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: SELinux denial - F12
ha.. the answer was in the question itself then!!! thanks for pointing it out.. i ll try tat.. On 12/27/09, Andrew Haley a...@redhat.com wrote: On 12/27/2009 07:20 AM, Kurian Thayil wrote: Hi, Installed F12 and did a security update. Now, I get SELinux denial error. SELinux currently in permissive mode. Summary: SELinux is preventing access to files with the label, file_t. Detailed Description: SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire file system. Allowing Access: You can execute the following command as root to relabel your computer system: touch /.autorelabel; reboot Additional Information: Source Contextsystem_u:system_r:xdm_t:s0-s0:c0.c1023 Target Contextsystem_u:object_r:file_t:s0 Target Objects/home [ dir ] Sourcegdm-simple-gree Source Path /usr/libexec/gdm-simple-greeter Port Unknown Host home-desktop Source RPM Packages gdm-2.28.1-24.fc12 Target RPM Packages filesystem-2.4.30-2.fc12 Policy RPMselinux-policy-3.6.32-41.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing ModeEnforcing Plugin Name file Host Name home-desktop Platform Linux home-desktop 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686 i686 Alert Count 1 First SeenThu 24 Dec 2009 02:30:08 AM IST Last Seen Thu 24 Dec 2009 02:30:08 AM IST Local ID 6b1ff85c-05fe-4d37-945b-6cd2d54b92fa Line Numbers Raw Audit Messages node=home-desktop type=AVC msg=audit(1261602008.595:11510): avc: denied { search } for pid=1357 comm=gdm-simple-gree name=/ dev=sda2 ino=2 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir node=home-desktop type=SYSCALL msg=audit(1261602008.595:11510): arch=4003 syscall=292 success=no exit=-13 a0=12 a1=8d6f400 a2=1002fce a3=8d6ec48 items=0 ppid=1325 pid=1357 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42 egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295 comm=gdm-simple-gree exe=/usr/libexec/gdm-simple-greeter subj=system_u:system_r:xdm_t:s0- s0:c0.c1023 key=(null) Any idea why this happened after the update? What could be done to prevent this. I am quite a newbie in SELinux scenario. Does, restorecon command fix (restorecon /usr/libexec/gdm-simple-greeter)? Files in your homedir are mis-labelled. The easiest way to fix it is to You can execute the following command as root to relabel your computer system: touch /.autorelabel; reboot Andrew. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: SELinux denial - F12
Kurian Thayil wrote: Hi, Installed F12 and did a security update. Now, I get SELinux denial error. SELinux currently in permissive mode. Summary: SELinux is preventing access to files with the label, file_t. Detailed Description: SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire file system. Any idea why this happened after the update? What could be done to prevent this. I am quite a newbie in SELinux scenario. Does, restorecon command fix (restorecon /usr/libexec/gdm-simple-greeter)? See this: https://bugzilla.redhat.com/show_bug.cgi?id=549937 May be related, patch and workaround in the bug. -- Bill Davidsen david...@tmr.com We have more to fear from the bungling of the incompetent than from the machinations of the wicked. - from Slashdot -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
SELinux denial - F12
Hi, Installed F12 and did a security update. Now, I get SELinux denial error. SELinux currently in permissive mode. Summary: SELinux is preventing access to files with the label, file_t. Detailed Description: SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire file system. Allowing Access: You can execute the following command as root to relabel your computer system: touch /.autorelabel; reboot Additional Information: Source Contextsystem_u:system_r:xdm_t:s0-s0:c0.c1023 Target Contextsystem_u:object_r:file_t:s0 Target Objects/home [ dir ] Sourcegdm-simple-gree Source Path /usr/libexec/gdm-simple-greeter Port Unknown Host home-desktop Source RPM Packages gdm-2.28.1-24.fc12 Target RPM Packages filesystem-2.4.30-2.fc12 Policy RPMselinux-policy-3.6.32-41.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing ModeEnforcing Plugin Name file Host Name home-desktop Platform Linux home-desktop 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686 i686 Alert Count 1 First SeenThu 24 Dec 2009 02:30:08 AM IST Last Seen Thu 24 Dec 2009 02:30:08 AM IST Local ID 6b1ff85c-05fe-4d37-945b-6cd2d54b92fa Line Numbers Raw Audit Messages node=home-desktop type=AVC msg=audit(1261602008.595:11510): avc: denied { search } for pid=1357 comm=gdm-simple-gree name=/ dev=sda2 ino=2 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir node=home-desktop type=SYSCALL msg=audit(1261602008.595:11510): arch=4003 syscall=292 success=no exit=-13 a0=12 a1=8d6f400 a2=1002fce a3=8d6ec48 items=0 ppid=1325 pid=1357 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42 egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295 comm=gdm-simple-gree exe=/usr/libexec/gdm-simple-greeter subj=system_u:system_r:xdm_t:s0- s0:c0.c1023 key=(null) Any idea why this happened after the update? What could be done to prevent this. I am quite a newbie in SELinux scenario. Does, restorecon command fix (restorecon /usr/libexec/gdm-simple-greeter)? Regards, Kurian Thayil. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines