On Tuesday 27 September 2011 19:17:17 Daniel J Walsh wrote:
On 09/27/2011 11:26 AM, Tony Molloy wrote:
> On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
>> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
>>> Hi,
>>>
>>> On a fully updated CentOS 5.7 box I get the following AVC
>>> SELinux is preventing unix_update (updpwd_t) "getattr" to / (fs_t).
>>>
>>> Raw Audit Message
>>>
>>> host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc: denied
>>> { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5
>>> ino=2 scontext=system_u:system_r:updpwd_t:s0
>>> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
>>>
Probably has to do with the way the mount table is set up on this
machine versus other machines.

Now I've just noticed some other SELinux problems on this machine.
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 24 13:25:24 garryowen ssh:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /home/[^/]*/.+.
Sep 24 13:25:24 garryowen ssh:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /home/[^/]*/.virtinst(/.*)?.
.....
Now some time ago I moved some test mail accounts on this machine from
/users to /home and ran genhomedircon.
There is a file in /etc/selinux/targeted/contexts/files/ called
file_contexts.homedirs, generated by genhomedircon, which contains
context information for /home.
Could these multiple definitions be the root cause of the problem?
Should I remove this file and autorelabel the entire filesystem again?
Thanks,
Tony
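
The following is an added example, not part of the original thread: a small checker that lists path specifications appearing more than once across file_contexts and file_contexts.homedirs, the condition the "Multiple same specifications" warnings above point at. The file contents and type names are constructed samples, and the matching rule (same regex, with equal or unspecified file type) is an assumption about how the duplicate check works.

```python
from collections import defaultdict

# Constructed sample content; on a real system, read the files under
# /etc/selinux/targeted/contexts/files/ instead.
SAMPLE_FILES = {
    "file_contexts": """\
# constructed sample
/home/[^/]*/.+                system_u:object_r:user_home_t:s0
/home/[^/]*/.virtinst(/.*)?   system_u:object_r:virt_home_t:s0
/home                    -d   system_u:object_r:home_root_t:s0
""",
    "file_contexts.homedirs": """\
/home/[^/]*/.+                system_u:object_r:user_home_t:s0
/home/[^/]*/.virtinst(/.*)?   system_u:object_r:virt_home_t:s0
/home/[^/]*              -d   system_u:object_r:user_home_dir_t:s0
""",
}

def parse_specs(name, text):
    """Yield (regex, file_type, context, 'file:line') for each spec line."""
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) == 2:      # regex context
            yield fields[0], "", fields[1], f"{name}:{lineno}"
        elif len(fields) == 3:    # regex file-type context
            yield fields[0], fields[1], fields[2], f"{name}:{lineno}"

def find_duplicates(files):
    """Return (kind, regex, first_location, second_location) tuples."""
    by_regex = defaultdict(list)
    for name, text in files.items():
        for spec in parse_specs(name, text):
            by_regex[spec[0]].append(spec)
    findings = []
    for regex, specs in by_regex.items():
        for i, a in enumerate(specs):
            for b in specs[i + 1:]:
                # Assumed rule: an unspecified file type overlaps any type.
                if not a[1] or not b[1] or a[1] == b[1]:
                    kind = "same" if a[2] == b[2] else "different"
                    findings.append((kind, regex, a[3], b[3]))
    return findings

if __name__ == "__main__":
    for kind, regex, first, second in find_duplicates(SAMPLE_FILES):
        print(f"Multiple {kind} specifications for {regex}: {first}, {second}")
```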