FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 09-08-2011, 08:45 PM
Robert Spangler
 
Default Trying to understand SELinux MSG

Hello,

I received the below SELinux message today and I am trying to figure out what
caused it. I see what it says under Allow Access but I am not sure this is
what I really want to do without know why it happened in the first place.

What should I be looking at to understand what or why this has happened?

Any help I would be most grateful for.



Here is the output form SELinux


SUMMARY:
SELinux is preventing access to files with the label, file_t.

Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever
be labeled file_t. If you have just added a new disk drive to the system you
can relabel it using the restorecon command. Otherwise you should relabel the
entire files system.

Allowing Access:
You can execute the following command as root to relabel your computer
system: "touch /.autorelabel; reboot"

Additional Information:
Source Context: user_u:system_ram_console_t
Target Context: system_ubject_r:file_t
Target Objects: / [ dir ]
Source: pam_console_appSource
Path: /sbin/pam_console_apply
Port: <Unknown>
Host: host1.mycompany.com
Source RPM Packages: pam-0.99.6.2-6.el5_5.2
Target RPM Packages: filesystem-2.4.0-3.el5.centos
Policy RPM: selinux-policy-2.4.6-316.el5
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: file
Host Name: host1.mycompany.com
Platform: Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15
07:31:24 EDT 2011 x86_64 x86_64
Alert Count: 77
First Seen: Thu 08 Sep 2011 02:04:40 PM EDT
Last Seen: Thu 08 Sep 2011 02:04:45 PM EDT
Local ID: 39ba9c3c-5ac0-4b91-aab1-8d871c20162c
Line Numbers:**

Raw Audit Messages :
host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc: denied
{ read } for pid=690 comm="pam_console_app" name="/" dev=md4 ino=2
scontext=user_u:system_ram_console_t:s0
tcontext=system_ubject_r:file_t:s0 tclass=dir

host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929):
arch=c000003e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0
a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pam_console_app"
exe="/sbin/pam_console_apply" subj=user_u:system_ram_console_t:s0
key=(null)



--

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-08-2011, 08:58 PM
Aaron Krohn
 
Default Trying to understand SELinux MSG

I'm not a pro or anything, but this bug report gives a bit more info.
Have you made any changes to the disk lately?

https://bugzilla.redhat.com/show_bug.cgi?id=485921

> find / -context "*:file_t:*"
The above command will show you what file is causing the messages.


On 09/08/2011 04:45 PM, Robert Spangler wrote:
> Hello,
>
> I received the below SELinux message today and I am trying to figure out what
> caused it. I see what it says under Allow Access but I am not sure this is
> what I really want to do without know why it happened in the first place.
>
> What should I be looking at to understand what or why this has happened?
>
> Any help I would be most grateful for.
>
>
>
> Here is the output form SELinux
>
>
> SUMMARY:
> SELinux is preventing access to files with the label, file_t.
>
> Detailed Description:
> SELinux permission checks on files labeled file_t are being denied. file_t is
> the context the SELinux kernel gives to files that do not have a label. This
> indicates a serious labeling problem. No files on an SELinux box should ever
> be labeled file_t. If you have just added a new disk drive to the system you
> can relabel it using the restorecon command. Otherwise you should relabel the
> entire files system.
>
> Allowing Access:
> You can execute the following command as root to relabel your computer
> system: "touch /.autorelabel; reboot"
>
> Additional Information:
> Source Context: user_u:system_ram_console_t
> Target Context: system_ubject_r:file_t
> Target Objects: / [ dir ]
> Source: pam_console_appSource
> Path: /sbin/pam_console_apply
> Port: <Unknown>
> Host: host1.mycompany.com
> Source RPM Packages: pam-0.99.6.2-6.el5_5.2
> Target RPM Packages: filesystem-2.4.0-3.el5.centos
> Policy RPM: selinux-policy-2.4.6-316.el5
> Selinux Enabled: True
> Policy Type: targeted
> MLS Enabled: True
> Enforcing Mode: Enforcing
> Plugin Name: file
> Host Name: host1.mycompany.com
> Platform: Linux host1.mycompany.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15
> 07:31:24 EDT 2011 x86_64 x86_64
> Alert Count: 77
> First Seen: Thu 08 Sep 2011 02:04:40 PM EDT
> Last Seen: Thu 08 Sep 2011 02:04:45 PM EDT
> Local ID: 39ba9c3c-5ac0-4b91-aab1-8d871c20162c
> Line Numbers:
>
> Raw Audit Messages :
> host=host1.mycompany.com type=AVC msg=audit(1315505085.751:14929): avc: denied
> { read } for pid=690 comm="pam_console_app" name="/" dev=md4 ino=2
> scontext=user_u:system_ram_console_t:s0
> tcontext=system_ubject_r:file_t:s0 tclass=dir
>
> host=host1.mycompany.com type=SYSCALL msg=audit(1315505085.751:14929):
> arch=c000003e syscall=2 success=no exit=-13 a0=7fff0f2076c0 a1=10800 a2=0
> a3=7fff0f209cca items=0 ppid=631 pid=690 auid=500 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pam_console_app"
> exe="/sbin/pam_console_apply" subj=user_u:system_ram_console_t:s0
> key=(null)
>
>
>


--
Aaron Krohn
Web Force Systems

Business Office:
131 Dillmont Drive, Suite 201
Columbus, OH 43235
Direct: 614-384-0019 Fax: 614-785-0871
Tech Support / Help Desk Direct: 614-384-0020

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-09-2011, 02:12 PM
Robert Spangler
 
Default Trying to understand SELinux MSG

On Thursday 08 September 2011 16:58, the following was written:

> I'm not a pro or anything, but this bug report gives a bit more info.
> Have you made any changes to the disk lately?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=485921
>
> > find / -context "*:file_t:*"
>
> The above command will show you what file is causing the messages.

Thank you for your response. I do not make changes to the disk other then
software update and saving files.

I run your command above and its output is as follows:

~ $ sudo find / -context "*:file_t:*"
getfilecon(/proc/29073/task/29073/fd/4): No such file or directory
getfilecon(/proc/29073/task/29073/fdinfo/4): No such file or directory
getfilecon(/proc/29073/fd/4): No such file or directory
getfilecon(/proc/29073/fdinfo/4): No such file or directory

So it doesn't look like any files are labeled incorrectly.


--

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-09-2011, 02:21 PM
 
Default Trying to understand SELinux MSG

Robert Spangler wrote:
> On Thursday 08 September 2011 16:58, the following was written:
>
>> I'm not a pro or anything, but this bug report gives a bit more info.
>> Have you made any changes to the disk lately?
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=485921
>>
>> > find / -context "*:file_t:*"
>>
>> The above command will show you what file is causing the messages.
>
> Thank you for your response. I do not make changes to the disk other then
> software update and saving files.
>
> I run your command above and its output is as follows:
>
> ~ $ sudo find / -context "*:file_t:*"
> getfilecon(/proc/29073/task/29073/fd/4): No such file or directory
> getfilecon(/proc/29073/task/29073/fdinfo/4): No such file or directory
> getfilecon(/proc/29073/fd/4): No such file or directory
> getfilecon(/proc/29073/fdinfo/4): No such file or directory
>
> So it doesn't look like any files are labeled incorrectly.

That's the total output?

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-09-2011, 02:42 PM
Robert Spangler
 
Default Trying to understand SELinux MSG

On Friday 09 September 2011 10:21, the following was written:

> That's the total output?

Yep. Nothing more. I ran it again and here is the new output:

[Fri Sep 09 10:40:20] [rjs@bms] /home/rjs

~ $ sudo find / -context "*:file_t:*"
getfilecon(/proc/7408/task/7408/fd/4): No such file or directory
getfilecon(/proc/7408/task/7408/fdinfo/4): No such file or directory
getfilecon(/proc/7408/fd/4): No such file or directory
getfilecon(/proc/7408/fdinfo/4): No such file or directory

[Fri Sep 09 10:40:44] [rjs@bms] /home/rjs


--

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://linuxcounter.net/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 01:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org