FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 09-26-2011, 02:00 PM
Tony Molloy
 
Default updpwd AVC

Hi,




On a fully updated CentOS 5.7 box I get the following AVC




Summary:




SELinux is preventing unix_update (updpwd_t) "getattr" to / (fs_t).




Detailed Description:




SELinux denied access requested by unix_update. It is not expected that this

access is required by unix_update and this access may signal an intrusion

attempt. It is also possible that the specific version or configuration of the

application is causing it to require additional access.




Allowing Access:




You can generate a local policy module to allow this access - see FAQ

(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable

SELinux protection altogether. Disabling SELinux protection is not recommended.

Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)

against this package.




Additional Information:




Source Context system_u:system_r:updpwd_t

Target Context system_ubject_r:fs_t

Target Objects / [ filesystem ]

Source unix_update

Source Path <Unknown>

Port <Unknown>

Host a.b.c.d

Source RPM Packages

Target RPM Packages filesystem-2.4.0-3.el5.centos

Policy RPM selinux-policy-2.4.6-316.el5

Selinux Enabled True

Policy Type targeted

MLS Enabled True

Enforcing Mode Enforcing

Plugin Name catchall

Host Name a.b.c.d

Platform Linuxl a.b.c.d 2.6.18-274.3.1.el5

#1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64

Alert Count 11

First Seen Fri Feb 25 15:39:33 2011

Last Seen Mon Sep 26 14:18:54 2011

Local ID 275eef01-114a-419b-9df0-4bb81932bc5e

Line Numbers




Raw Audit Messages




host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc: denied { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5 ino=2 scontext=system_u:system_r:updpwd_t:s0 tcontext=system_ubject_r:fs_t:s0 tclass=filesystem







I can generate a local policy module.




Thanks,




Tony
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 09-26-2011, 09:22 PM
Dominick Grift
 
Default updpwd AVC

On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
>
> Hi,
>
>
> On a fully updated CentOS 5.7 box I get the following AVC
>
>
> Summary:
>
>
> SELinux is preventing unix_update (updpwd_t) "getattr" to / (fs_t).
>
>
> Detailed Description:
>
>
> SELinux denied access requested by unix_update. It is not expected
> that this
>
> access is required by unix_update and this access may signal an
> intrusion
>
> attempt. It is also possible that the specific version or
> configuration of the
>
> application is causing it to require additional access.
>
>
> Allowing Access:
>
>
> You can generate a local policy module to allow this access - see FAQ
>
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
>
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
>
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>
> against this package.
>
>
> Additional Information:
>
>
> Source Context system_u:system_r:updpwd_t
>
> Target Context system_ubject_r:fs_t
>
> Target Objects / [ filesystem ]
>
> Source unix_update
>
> Source Path <Unknown>
>
> Port <Unknown>
>
> Host a.b.c.d
>
> Source RPM Packages
>
> Target RPM Packages filesystem-2.4.0-3.el5.centos
>
> Policy RPM selinux-policy-2.4.6-316.el5
>
> Selinux Enabled True
>
> Policy Type targeted
>
> MLS Enabled True
>
> Enforcing Mode Enforcing
>
> Plugin Name catchall
>
> Host Name a.b.c.d
>
> Platform Linuxl a.b.c.d 2.6.18-274.3.1.el5
>
> #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64
>
> Alert Count 11
>
> First Seen Fri Feb 25 15:39:33 2011
>
> Last Seen Mon Sep 26 14:18:54 2011
>
> Local ID 275eef01-114a-419b-9df0-4bb81932bc5e
>
> Line Numbers
>
>
> Raw Audit Messages
>
>
> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc: denied
> { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5 ino=2
> scontext=system_u:system_r:updpwd_t:s0
> tcontext=system_ubject_r:fs_t:s0 tclass=filesystem
>
>
>
> I can generate a local policy module.

Any idea what you were doing when this happened? The reason i ask is
because this is not even allowed in latest fedora as far as i can see.

It is no big deal to allow updpwd_t to get attributes of the fs_t
filesystem but it is certainly not common for updpwd_t to want this
access i believe. If it was we probably would have gotten may more
reports much earlier.

> Thanks,
>
>
> Tony
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 09-27-2011, 03:26 PM
Tony Molloy
 
Default updpwd AVC

On Monday 26 September 2011 22:22:31 Dominick Grift wrote:

> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:

> > Hi,

> >

> >

> > On a fully updated CentOS 5.7 box I get the following AVC

> >

> >

> > Summary:

> >

> >

> > SELinux is preventing unix_update (updpwd_t) "getattr" to /

> > (fs_t).

> >

> >

> > Detailed Description:

> >

> >

> > SELinux denied access requested by unix_update. It is not

> > expected that this

> >

> > access is required by unix_update and this access may signal an

> > intrusion

> >

> > attempt. It is also possible that the specific version or

> > configuration of the

> >

> > application is causing it to require additional access.

> >

> >

> > Allowing Access:

> >

> >

> > You can generate a local policy module to allow this access - see

> > FAQ

> >

> > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you

> > can disable

> >

> > SELinux protection altogether. Disabling SELinux protection is

> > not recommended.

> >

> > Please file a bug report

> > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)

> >

> > against this package.

> >

> >

> > Additional Information:

> >

> >

> > Source Context system_u:system_r:updpwd_t

> >

> > Target Context system_ubject_r:fs_t

> >

> > Target Objects / [ filesystem ]

> >

> > Source unix_update

> >

> > Source Path <Unknown>

> >

> > Port <Unknown>

> >

> > Host a.b.c.d

> >

> > Source RPM Packages

> >

> > Target RPM Packages filesystem-2.4.0-3.el5.centos

> >

> > Policy RPM selinux-policy-2.4.6-316.el5

> >

> > Selinux Enabled True

> >

> > Policy Type targeted

> >

> > MLS Enabled True

> >

> > Enforcing Mode Enforcing

> >

> > Plugin Name catchall

> >

> > Host Name a.b.c.d

> >

> > Platform Linuxl a.b.c.d 2.6.18-274.3.1.el5

> >

> > #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64

> >

> > Alert Count 11

> >

> > First Seen Fri Feb 25 15:39:33 2011

> >

> > Last Seen Mon Sep 26 14:18:54 2011

> >

> > Local ID 275eef01-114a-419b-9df0-4bb81932bc5e

> >

> > Line Numbers

> >

> >

> > Raw Audit Messages

> >

> >

> > host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc: denied

> > { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5

> > ino=2 scontext=system_u:system_r:updpwd_t:s0

> > tcontext=system_ubject_r:fs_t:s0 tclass=filesystem

> >

> >

> >

> > I can generate a local policy module.

>

> Any idea what you were doing when this happened? The reason i ask

> is because this is not even allowed in latest fedora as far as i

> can see.

>




This machine is basically a mail and ftp server. As far as I can tell from the logs ( secure and messages ) nobody was doing anything on the machine at the times I get the AVC, 5 times yesterday.




> It is no big deal to allow updpwd_t to get attributes of the fs_t

> filesystem but it is certainly not common for updpwd_t to want this

> access i believe. If it was we probably would have gotten may more

> reports much earlier.

>




Strange then that I am getting it from this one server only.




Here's the context for unix_update




-rwx------ root root system_ubject_r:updpwd_exec_t /sbin/unix_update




I've just run an autorelabel on the entire filesystem as part of the 5.6 to 5.7 CentOS update




Thanks,




Tony




> > Thanks,

> >

> >

> > Tony

> >

> > --

> > selinux mailing list

> > selinux@lists.fedoraproject.org

> > https://admin.fedoraproject.org/mailman/listinfo/selinux



--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 09-27-2011, 05:18 PM
Dominick Grift
 
Default updpwd AVC

On Tue, 2011-09-27 at 16:26 +0100, Tony Molloy wrote:
> On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
>
> > On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
>
> > > Hi,
>
> > >
>
> > >
>
> > > On a fully updated CentOS 5.7 box I get the following AVC
>
> > >
>
> > >
>
> > > Summary:
>
> > >
>
> > >
>
> > > SELinux is preventing unix_update (updpwd_t) "getattr" to /
>
> > > (fs_t).
>
> > >
>
> > >
>
> > > Detailed Description:
>
> > >
>
> > >
>
> > > SELinux denied access requested by unix_update. It is not
>
> > > expected that this
>
> > >
>
> > > access is required by unix_update and this access may signal an
>
> > > intrusion
>
> > >
>
> > > attempt. It is also possible that the specific version or
>
> > > configuration of the
>
> > >
>
> > > application is causing it to require additional access.
>
> > >
>
> > >
>
> > > Allowing Access:
>
> > >
>
> > >
>
> > > You can generate a local policy module to allow this access - see
>
> > > FAQ
>
> > >
>
> > > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you
>
> > > can disable
>
> > >
>
> > > SELinux protection altogether. Disabling SELinux protection is
>
> > > not recommended.
>
> > >
>
> > > Please file a bug report
>
> > > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>
> > >
>
> > > against this package.
>
> > >
>
> > >
>
> > > Additional Information:
>
> > >
>
> > >
>
> > > Source Context system_u:system_r:updpwd_t
>
> > >
>
> > > Target Context system_ubject_r:fs_t
>
> > >
>
> > > Target Objects / [ filesystem ]
>
> > >
>
> > > Source unix_update
>
> > >
>
> > > Source Path <Unknown>
>
> > >
>
> > > Port <Unknown>
>
> > >
>
> > > Host a.b.c.d
>
> > >
>
> > > Source RPM Packages
>
> > >
>
> > > Target RPM Packages filesystem-2.4.0-3.el5.centos
>
> > >
>
> > > Policy RPM selinux-policy-2.4.6-316.el5
>
> > >
>
> > > Selinux Enabled True
>
> > >
>
> > > Policy Type targeted
>
> > >
>
> > > MLS Enabled True
>
> > >
>
> > > Enforcing Mode Enforcing
>
> > >
>
> > > Plugin Name catchall
>
> > >
>
> > > Host Name a.b.c.d
>
> > >
>
> > > Platform Linuxl a.b.c.d 2.6.18-274.3.1.el5
>
> > >
>
> > > #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64
>
> > >
>
> > > Alert Count 11
>
> > >
>
> > > First Seen Fri Feb 25 15:39:33 2011
>
> > >
>
> > > Last Seen Mon Sep 26 14:18:54 2011
>
> > >
>
> > > Local ID 275eef01-114a-419b-9df0-4bb81932bc5e
>
> > >
>
> > > Line Numbers
>
> > >
>
> > >
>
> > > Raw Audit Messages
>
> > >
>
> > >
>
> > > host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc: denied
>
> > > { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5
>
> > > ino=2 scontext=system_u:system_r:updpwd_t:s0
>
> > > tcontext=system_ubject_r:fs_t:s0 tclass=filesystem
>
> > >
>
> > >
>
> > >
>
> > > I can generate a local policy module.
>
> >
>
> > Any idea what you were doing when this happened? The reason i ask
>
> > is because this is not even allowed in latest fedora as far as i
>
> > can see.
>
> >
>
>
> This machine is basically a mail and ftp server. As far as I can tell
> from the logs ( secure and messages ) nobody was doing anything on the
> machine at the times I get the AVC, 5 times yesterday.
>
>
> > It is no big deal to allow updpwd_t to get attributes of the fs_t
>
> > filesystem but it is certainly not common for updpwd_t to want this
>
> > access i believe. If it was we probably would have gotten may more
>
> > reports much earlier.
>
> >
>
>
> Strange then that I am getting it from this one server only.
>
>
> Here's the context for unix_update
>
>
> -rwx------ root root system_ubject_r:updpwd_exec_t /sbin/unix_update
>
>
> I've just run an autorelabel on the entire filesystem as part of the
> 5.6 to 5.7 CentOS update

See if you can reproduce it

>
> Thanks,
>
>
> Tony
>
>
> > > Thanks,
>
> > >
>
> > >
>
> > > Tony
>
> > >
>
> > > --
>
> > > selinux mailing list
>
> > > selinux@lists.fedoraproject.org
>
> > > https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 09-27-2011, 06:17 PM
Daniel J Walsh
 
Default updpwd AVC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/27/2011 11:26 AM, Tony Molloy wrote:
> On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
>
>> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
>
>>> Hi,
>
>>>
>
>>>
>
>>> On a fully updated CentOS 5.7 box I get the following AVC
>
>>>
>
>>>
>
>>> Summary:
>
>>>
>
>>>
>
>>> SELinux is preventing unix_update (updpwd_t) "getattr" to /
>
>>> (fs_t).
>
>>>
>
>>>
>
>>> Detailed Description:
>
>>>
>
>>>
>
>>> SELinux denied access requested by unix_update. It is not
>
>>> expected that this
>
>>>
>
>>> access is required by unix_update and this access may signal
>>> an
>
>>> intrusion
>
>>>
>
>>> attempt. It is also possible that the specific version or
>
>>> configuration of the
>
>>>
>
>>> application is causing it to require additional access.
>
>>>
>
>>>
>
>>> Allowing Access:
>
>>>
>
>>>
>
>>> You can generate a local policy module to allow this access -
>>> see
>
>>> FAQ
>
>>>
>
>>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or
>>> you
>
>>> can disable
>
>>>
>
>>> SELinux protection altogether. Disabling SELinux protection is
>
>>> not recommended.
>
>>>
>
>>> Please file a bug report
>
>>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>
>>>
>
>>> against this package.
>
>>>
>
>>>
>
>>> Additional Information:
>
>>>
>
>>>
>
>>> Source Context system_u:system_r:updpwd_t
>
>>>
>
>>> Target Context system_ubject_r:fs_t
>
>>>
>
>>> Target Objects / [ filesystem ]
>
>>>
>
>>> Source unix_update
>
>>>
>
>>> Source Path <Unknown>
>
>>>
>
>>> Port <Unknown>
>
>>>
>
>>> Host a.b.c.d
>
>>>
>
>>> Source RPM Packages
>
>>>
>
>>> Target RPM Packages filesystem-2.4.0-3.el5.centos
>
>>>
>
>>> Policy RPM selinux-policy-2.4.6-316.el5
>
>>>
>
>>> Selinux Enabled True
>
>>>
>
>>> Policy Type targeted
>
>>>
>
>>> MLS Enabled True
>
>>>
>
>>> Enforcing Mode Enforcing
>
>>>
>
>>> Plugin Name catchall
>
>>>
>
>>> Host Name a.b.c.d
>
>>>
>
>>> Platform Linuxl a.b.c.d 2.6.18-274.3.1.el5
>
>>>
>
>>> #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64
>
>>>
>
>>> Alert Count 11
>
>>>
>
>>> First Seen Fri Feb 25 15:39:33 2011
>
>>>
>
>>> Last Seen Mon Sep 26 14:18:54 2011
>
>>>
>
>>> Local ID 275eef01-114a-419b-9df0-4bb81932bc5e
>
>>>
>
>>> Line Numbers
>
>>>
>
>>>
>
>>> Raw Audit Messages
>
>>>
>
>>>
>
>>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:
>>> denied
>
>>> { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5
>
>>> ino=2 scontext=system_u:system_r:updpwd_t:s0
>
>>> tcontext=system_ubject_r:fs_t:s0 tclass=filesystem
>
>>>
>
>>>
>
>>>
>
>>> I can generate a local policy module.
>
>>
>
>> Any idea what you were doing when this happened? The reason i
>> ask
>
>> is because this is not even allowed in latest fedora as far as i
>
>> can see.
>
>>
>
>
> This machine is basically a mail and ftp server. As far as I can
> tell from the logs ( secure and messages ) nobody was doing
> anything on the machine at the times I get the AVC, 5 times
> yesterday.
>
>
>> It is no big deal to allow updpwd_t to get attributes of the
>> fs_t
>
>> filesystem but it is certainly not common for updpwd_t to want
>> this
>
>> access i believe. If it was we probably would have gotten may
>> more
>
>> reports much earlier.
>
>>
>
>
> Strange then that I am getting it from this one server only.
>
>
> Here's the context for unix_update
>
>
> -rwx------ root root system_ubject_r:updpwd_exec_t
> /sbin/unix_update
>
>
> I've just run an autorelabel on the entire filesystem as part of
> the 5.6 to 5.7 CentOS update
>
>
> Thanks,
>
>
> Tony
>
>
>>> Thanks,
>
>>>
>
>>>
>
>>> Tony
>
>>>
>
>>> --
>
>>> selinux mailing list
>
>>> selinux@lists.fedoraproject.org
>
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Probably has to do with the way the mount table is setup on this
machine versus other machines.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6CEy0ACgkQrlYvE4MpobN1aQCdHc2uXuJIjh 64759AuQyAmoz+
rwEAoIfSac27Ch+eaJZyBD6iIAKTwxNU
=CME3
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 09-28-2011, 02:56 PM
Tony Molloy
 
Default updpwd AVC

On Tuesday 27 September 2011 19:17:17 Daniel J Walsh wrote:

> On 09/27/2011 11:26 AM, Tony Molloy wrote:

> > On Monday 26 September 2011 22:22:31 Dominick Grift wrote:

> >> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:

> >>> Hi,

> >>>

> >>> On a fully updated CentOS 5.7 box I get the following AVC




> >>> SELinux is preventing unix_update (updpwd_t) "getattr" to /

> >>> (fs_t).

> >>>

> >>> Raw Audit Message

> >>>

> >>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:

> >>> denied

> >>>

> >>> { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5

> >>>

> >>> ino=2 scontext=system_u:system_r:updpwd_t:s0

> >>>

> >>> tcontext=system_ubject_r:fs_t:s0 tclass=filesystem

> >>>

> >>>

> Probably has to do with the way the mount table is setup on this

> machine versus other machines.




Now I've just noticed some other SElinux problems on this machine.







Unusual System Events

=-=-=-=-=-=-=-=-=-=-=

Sep 24 13:25:24 garryowen ssh: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /home/[^/]*/.+.

Sep 24 13:25:24 garryowen ssh: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /home/[^/]*/.virtinst(/.*)?.




.....







Now some time ago I moved some test mail accounts on this machine from /users to /home and ran genhomedircon.




There is a file in /etc/selinux/targeted/contexts/files/ called file_contexts.homedirs, generated by genhomedircon, which contains context information for /home.




Could this multiple definitions be the root cause of the problem




Should I remove this file and autorelabel the entire filesystem again.




Thanks,




Tony
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 09-28-2011, 03:48 PM
Daniel J Walsh
 
Default updpwd AVC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/28/2011 10:56 AM, Tony Molloy wrote:
> On Tuesday 27 September 2011 19:17:17 Daniel J Walsh wrote:
>
>> On 09/27/2011 11:26 AM, Tony Molloy wrote:
>
>>> On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
>
>>>> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
>
>>>>> Hi,
>
>>>>>
>
>>>>> On a fully updated CentOS 5.7 box I get the following AVC
>
>
>>>>> SELinux is preventing unix_update (updpwd_t) "getattr" to
>>>>> /
>
>>>>> (fs_t).
>
>>>>>
>
>>>>> Raw Audit Message
>
>>>>>
>
>>>>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:
>
>>>>> denied
>
>>>>>
>
>>>>> { getattr } for pid=21354 comm="unix_update" name="/"
>>>>> dev=sda5
>
>>>>>
>
>>>>> ino=2 scontext=system_u:system_r:updpwd_t:s0
>
>>>>>
>
>>>>> tcontext=system_ubject_r:fs_t:s0 tclass=filesystem
>
>>>>>
>
>>>>>
>
>> Probably has to do with the way the mount table is setup on this
>
>> machine versus other machines.
>
>
> Now I've just noticed some other SElinux problems on this machine.
>
>
>
> Unusual System Events
>
> =-=-=-=-=-=-=-=-=-=-=
>
> Sep 24 13:25:24 garryowen ssh:
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same
> specifications for /home/[^/]*/.+.
>
> Sep 24 13:25:24 garryowen ssh:
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same
> specifications for /home/[^/]*/.virtinst(/.*)?.
>
>
> .....
>
>
>
> Now some time ago I moved some test mail accounts on this machine
> from /users to /home and ran genhomedircon.
>
>
> There is a file in /etc/selinux/targeted/contexts/files/ called
> file_contexts.homedirs, generated by genhomedircon, which contains
> context information for /home.
>
>
> Could this multiple definitions be the root cause of the problem
>
>
> Should I remove this file and autorelabel the entire filesystem
> again.
>
>
> Thanks,
>
>
> Tony
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


No
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6DQbQACgkQrlYvE4MpobPAvgCcCCEhB1N2ce 1LCaStIc7vE6KZ
lMAAnjtwrA+4FDguLnTsyFwZZ9YmrKes
=tT5S
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 01:18 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org