Opened 16 years ago
Closed 8 years ago
#1819 closed enhancement (obsolete)
SELinux-entries regarding /tmp/vbox.X - directories
Reported by: | Moritz Isselstein | Owned by: | |
---|---|---|---|
Component: | installer | Version: | VirtualBox 1.6.2 |
Keywords: | SELinux | Cc: | |
Guest type: | Windows | Host type: | Linux |
Description (last modified by )
SELinux creates for every file in the /tmp/vbox.0/... /tmp/vbox.1/... directories and subdirectories an event similar to the following:
SElinux-entry (example):
Zusammenfassung
SELinux is preventing tmpwatch (tmpreaper_t) "getattr" to /tmp/vbox.1/r0drv/linux/thread-r0drv-linux.c (usr_t).
Detaillierte Beschreibung
SELinux denied access requested by tmpwatch. It is not expected that this access is required by tmpwatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Zugriff erlauben
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /tmp/vbox.1/r0drv/linux/thread-r0drv-linux.c, restorecon -v '/tmp/vbox.1/r0drv/linux/thread-r0drv-linux.c' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.
Zusätzliche Informationen
Quellkontext: system_u:system_r:tmpreaper_t:s0 Zielkontext: system_u:object_r:usr_t:s0 Zielobjekte: /tmp/vbox.1/r0drv/linux/thread-r0drv-linux.c [ file ] Source: tmpwatchSource Path: /usr/sbin/tmpwatch Port: <Unbekannt> Host: localhost.localdomain Source RPM Packages: tmpwatch-2.9.13-2T arget RPM Packages: RPM-Richtlinie: selinux-policy-3.3.1-74.fc9 SELinux aktiviert: True Richtlinienversion: targeted MLS aktiviert: True Enforcing-Modus: Enforcing Plugin-Name: catchall_file Hostname: localhost.localdomain Plattform: Linux localhost.localdomain 2.6.25.4-30.fc9.x86_64 #1 SMP Wed May 21 17:34:18 EDT 2008 x86_64 x86_64 Anzahl der Alarme: 1 Zuerst gesehen: So 06 Jul 2008 13:14:53 CEST Zuletzt gesehen: So 06 Jul 2008 13:14:53 CEST Lokale ID: e537c7ad-5b7a-4209-b64d-2e84da7c6588 Zeilennummern:
Raw-Audit-Meldungen:
host=localhost.localdomain type=AVC msg=audit(1215342893.145:140): avc: denied { getattr } for pid=8878 comm="tmpwatch" path="/tmp/vbox.1/r0drv/linux/thread-r0drv-linux.c" dev=dm-0 ino=1516418 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file host=localhost.localdomain type=SYSCALL msg=audit(1215342893.145:140): arch=c000003e syscall=6 success=no exit=-13 a0=1910bdb a1=7ffff8d67190 a2=7ffff8d67190 a3=7f6cf0d516f0 items=0 ppid=8876 pid=8878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)
Please contact dwalsh on irc.freenode.net channel #selinux to solve this issue. Regards Moe
Change History (3)
comment:1 by , 16 years ago
Component: | other → installer |
---|
comment:2 by , 16 years ago
Description: | modified (diff) |
---|
comment:3 by , 8 years ago
Description: | modified (diff) |
---|---|
Resolution: | → obsolete |
Status: | new → closed |
Please reopen if still relevant with a recent VirtualBox release.