Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #16  
Old 8th August 2012, 08:55 PM
rhatdan Offline
Registered User
 
Join Date: Feb 2007
Posts: 29
linuxfirefox
Re: SELinux and Tmpwatch getattr problem

We now believe this problem is caused by first boot on initial install. We removed the label for firstboot_tmp_t from an updated policy. Because the kernel no longer understands the type, it reports it as unlabeled_t. And when tmpwatch eventually goes to cleanup /tmp, SELinux denies access. The latest policy creates an alias fro fistboot_tmp_t to tmp_t, which tmpwatch is allowed to look at and will eliminate the AVC. Deleting the directory would also work since you will not be running firstboot a second time on your machine.
Reply With Quote
  #17  
Old 9th August 2012, 01:09 AM
jlpierce Offline
Registered User
 
Join Date: Jul 2012
Location: Pekin, Indiana
Posts: 88
linuxopera
Re: SELinux and Tmpwatch getattr problem

Quote:
Originally Posted by jpollard View Post
Might check and see if /var/tmp is a symbolic link to /tmp.

It isn't on my system, but some prefer it that way.
Okay, I checked the /var/tmp and it is a directory not a link.

I find interesting the fact that I have a kdecache-root directory in /var/tmp and a kde-root in /tmp.

ll /var/tmp/
total 68
drwx------. 9 eagle1 eagle1 4096 Aug 6 23:11 kdecache-eagle1
drwx------. 6 root root 4096 Jul 23 11:50 kdecache-root
drwx------. 6 tiger1 tiger1 4096 Aug 2 10:29 kdecache-tiger1
drwx------. 2 eagle1 eagle1 4096 Jun 29 11:16 opera-20120629111620
drwx------. 2 eagle1 eagle1 4096 Jun 30 23:14 opera-20120630231433
drwx------. 2 eagle1 eagle1 4096 Jul 4 13:00 opera-20120704130032
drwx------. 2 eagle1 eagle1 4096 Jul 5 01:41 opera-20120705014106
drwx------. 2 eagle1 eagle1 4096 Jul 8 07:31 opera-20120708073143
drwx------. 2 eagle1 eagle1 4096 Jul 8 07:49 opera-20120708074950
drwx------. 2 eagle1 eagle1 4096 Jul 9 11:05 opera-20120709110528
drwx------. 2 eagle1 eagle1 4096 Jul 16 13:14 opera-20120716131414
drwx------. 2 eagle1 eagle1 4096 Jul 22 17:48 opera-20120722174846
drwx------. 2 eagle1 eagle1 4096 Jul 24 07:50 opera-20120724075049
drwx------. 2 eagle1 eagle1 4096 Jul 28 00:53 opera-20120728005316
drwx------. 2 eagle1 eagle1 4096 Jul 30 09:43 opera-20120730094344
drwx------. 3 eagle1 eagle1 4096 Jul 2 08:56 yum-eagle1-w97Ufb
drwx------. 2 root root 4096 Jun 25 15:37 yum-root-tQHsEA



ll /tmp
total 84
drwx------. 2 eagle1 eagle1 4096 Aug 6 22:53 akonadi-eagle1.LwSPy3
drwx------. 2 eagle1 eagle1 4096 Aug 8 05:17 CRX_75DAF8CB7768
drwx------. 2 eagle1 eagle1 4096 Aug 8 19:01 kde-eagle1
drwx------. 2 root root 4096 Aug 6 22:53 kde-root
drwx------. 2 eagle1 eagle1 4096 Aug 8 05:31 ksocket-eagle1
drwx------. 2 root root 4096 Aug 6 22:53 ksocket-root
drwx------. 2 eagle1 eagle1 4096 Aug 6 22:53 pulse-VcYAAuaJf0D3
drwx------. 2 eagle1 eagle1 4096 Aug 6 22:53 pulse-y8YEWT7qyPiO
drwx------. 2 eagle1 eagle1 4096 Aug 6 22:53 ssh-SrZFMRzc1892
drwx------. 4 root root 4096 Aug 6 22:53 systemd-namespace-5rHVUd
drwx------. 4 root root 4096 Aug 6 22:52 systemd-namespace-8Rp0Gl
drwx------. 4 root colord 4096 Aug 6 22:53 systemd-namespace-AkPQc1
drwx------. 4 root root 4096 Aug 6 22:52 systemd-namespace-bAQTGX
drwx------. 4 root mysql 4096 Aug 6 22:52 systemd-namespace-iHG8D4
drwx------. 4 root root 4096 Aug 6 22:53 systemd-namespace-n8TRDY
drwx------. 4 root mysql 4096 Aug 6 22:52 systemd-namespace-NsKG13
drwx------. 4 root root 4096 Aug 6 22:52 systemd-namespace-oY1rw4
drwx------. 4 root mysql 4096 Aug 6 22:52 systemd-namespace-uUzXNY
drwx------. 4 root root 4096 Aug 6 22:52 systemd-namespace-xgxAky
drwx------. 4 root colord 4096 Aug 6 22:53 systemd-namespace-Zy2Q0i
-rw-------. 1 root root 706 Aug 8 19:02 yum_save_tx.2012-08-08.19-02.q74f2z.yumtx


That is the ll output from both /var/tmp and /var

---------- Post added at 08:09 PM ---------- Previous post was at 07:54 PM ----------

Okay, a quick update.

I just tried 'rm -rf /var/tmp/kdecache-root/ and received several permission denied responses. I am logged in as a normal user and tried that from a konsole with elevated privileges.

Not sure how to get rid of these now..... (scratches head)
Reply With Quote
  #18  
Old 10th August 2012, 10:18 AM
undoIT Offline
Registered User
 
Join Date: May 2009
Location: Reno
Posts: 29
linuxfirefox
Re: SELinux and Tmpwatch getattr problem

Quote:
Originally Posted by jlpierce View Post
Okay, a quick update.

I just tried 'rm -rf /var/tmp/kdecache-root/ and received several permission denied responses. I am logged in as a normal user and tried that from a konsole with elevated privileges.

Not sure how to get rid of these now..... (scratches head)
If you haven't added your account as a sudoer, you can do so as referenced here:

http://fedoraproject.org/wiki/Configuring_Sudo

Then run:

Code:
sudo rm -rf /var/tmp/kdecache-root
Hopefully, this fixes the problem. I keep getting the SELinux alert as well and it is annoying. I'll report back if removing that folder hasn't fixed the problem.
__________________
Reply With Quote
  #19  
Old 10th August 2012, 01:24 PM
jlpierce Offline
Registered User
 
Join Date: Jul 2012
Location: Pekin, Indiana
Posts: 88
linuxopera
Re: SELinux and Tmpwatch getattr problem

Even after adding myself to the sudoers file I get this response:

[sudo] password for eagle1:
rm: cannot remove `/var/tmp/kdecache-root/ksycoca4stamp': Permission denied
rm: cannot remove `/var/tmp/kdecache-root/ksycoca4': Permission denied
rm: cannot remove `/var/tmp/kdecache-root/libphonon': Permission denied
rm: cannot remove `/var/tmp/kdecache-root/ksplashx': Permission denied
rm: cannot remove `/var/tmp/kdecache-root/plasma_theme_Beefy_Miracle.kcache': Permission denied
rm: cannot remove `/var/tmp/kdecache-root/plasma-svgelements-Beefy_Miracle': Permission denied
rm: cannot remove `/var/tmp/kdecache-root/plasma-wallpapers': Permission denied
rm: cannot remove `/var/tmp/kdecache-root/favicons': Permission denied
rm: cannot remove `/var/tmp/kdecache-root/icon-cache.kcache': Permission denied

I guess I could boot the live media and mount that file system and get rid of the directories, I don't think SELinux will interfere that way.... Thoughts anyone?
Reply With Quote
  #20  
Old 15th August 2012, 07:51 AM
rtvdenys Offline
Registered User
 
Join Date: Aug 2012
Location: London, UK
Posts: 1
linuxfirefox
Re: SELinux and Tmpwatch getattr problem

I have the same problem. SELinux Alert appears many times a day.

However, kdecache-root is located in /var/tmp and /var/tmp is not a symlink to /tmp.

Removing the files or directories makes to difference.

There is a bug reported on bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=837478

I suggest joining the discussion there.

---------- Post added at 06:51 AM ---------- Previous post was at 06:10 AM ----------

Ops.. That bug was closed in bugzilla as NOTABUG.

So I opened another one to say that it is a bug:

https://bugzilla.redhat.com/show_bug.cgi?id=848280
Reply With Quote
Reply

Tags
getattr, problem, selinux, tmpwatch

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
F17: SELinux is preventing /usr/sbin/tmpwatch from read access on the directory /root greno Using Fedora 0 14th June 2012 01:26 PM
crontab and tmpwatch LDC Using Fedora 0 25th May 2008 01:09 PM
SELinux blocking tmpwatch ajamison Security and Privacy 0 20th December 2007 03:18 AM
/var/log/messages - kernel: audit(1107868785.573:0): avc: denied { getattr } lothario Using Fedora 13 13th February 2005 10:15 PM


Current GMT-time: 07:06 (Tuesday, 21-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Glendale Heights Instagram Photos - Khairagarh - Surrey Photos