SELinux denied access
I keep receiving this message from SELinux in a bug report. I am running Fedora 13 and I am learning as I go. What might be causing this?
Summary:
SELinux is preventing /usr/sbin/semodule access to a leaked /tmp/tmpGTbWYh file
descriptor.
Detailed Description:
[semodule has a permissive type (semanage_t). This access was not denied.]
SELinux denied access requested by the semodule command. It looks like this is
either a leaked descriptor or semodule output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /tmp/tmpGTbWYh. You should generate a bugzilla on selinux-policy, and it
will get routed to the appropriate package. You can safely ignore this avc.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385)
Additional Information:
Source Context system_u:system_r:semanage_t:s0-s0:c0.c1023
Target Context system_u:object_r:initrc_tmp_t:s0
Target Objects /tmp/tmpGTbWYh [ file ]
Source semodule
Source Path /usr/sbin/semodule
Port <Unknown>
Source RPM Packages policycoreutils-2.0.83-28.fc13
Target RPM Packages
Policy RPM selinux-policy-3.7.19-62.fc13
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name leaks
fedora selinux
edited Nov 24 at 20:02
Rui F Ribeiro
asked Oct 23 '10 at 3:21
Mipnix
It would help to have more context. What program is this bug report about? What are the actions leading to this error message? What is the program doing?
– Gilles
Oct 24 '10 at 22:11
I am not sure with what program this is associated. On my home screen, along the top bar, I receive a notification for a bug report. A google search indicates this is a common message associated with a new install or an update. The bug report itself indicates it is not a security issue but I don't know enough to not be concerned with random programs trying to access some files. The attached bug report is all I know. I am sorry I don't know enough to provide more information. Where could I obtain what I should provide?
– Mipnix
Oct 24 '10 at 23:19
What's running with that context when you get that error? Run ps -eZ|grep initrc_tmp_t. It might need to be relabeled with the appropriate SELinux attributes.
– jsbillings
Feb 23 '11 at 18:07
2 Answers
This probably happened after an update of the system, and as temporary files are usually not needed after a reboot, I'd try to delete the file.
fuser /tmp/tmpGTbWYh
With this command you see if the file is used by any process; it will give you one or more numbers (process IDs, PIDs).
No numbers means the process is not used and you can safely delete the file
rm /tmp/tmpGTbWYh
Do the above with a user that has the rights to do it (your user? root?); you can check this with an ls
ls -l /tmp/tmpGTbWYh
If the file is used by any process you can do a ps and filter by each PID you found with the execution of fuser
ps -ef | grep $PID
You must substitute $PID with the numbers found above (with fuser).
At this point you should decide: identify the application that is using the file and close it if you can, or kill the process (kill $PID), or delete the file anyway (it may be risky).
If you have trouble deciding, let us know.
edited Jan 24 '11 at 16:43
answered Jan 24 '11 at 16:36
tmow
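The report in the question speaks of a leaked descriptor, and the answer above checks who has the file open with fuser. As an added example (not part of the original answers), this script shows how a child process ends up holding a parent's temp file it never uses, and how closing the descriptor at launch avoids that. It assumes Linux with /proc mounted; holds_file and leak_demo are hypothetical names.

```shell
#!/bin/sh
# Added example, Linux only (reads /proc/<pid>/fd). Function names are made up.

# holds_file PID FILE: succeed if process PID has FILE open on any descriptor.
# This is the per-process form of the question `fuser FILE` answers.
holds_file() {
    target=$(readlink -f -- "$2") || return 2
    for link in /proc/"$1"/fd/*; do
        [ "$(readlink -- "$link" 2>/dev/null)" = "$target" ] && return 0
    done
    return 1
}

# leak_demo: open a scratch file on fd 9, then start two children.
# Sets LEAKY_HOLDS and CLEAN_HOLDS to "yes" or "no".
leak_demo() {
    tmp=$(mktemp) || return 1
    exec 9>"$tmp"        # parent opens a temp file and keeps it open
    sleep 5 &            # child 1 inherits fd 9 although it never uses it
    leaky=$!
    sleep 5 9>&- &       # child 2 is started with fd 9 closed
    clean=$!
    sleep 1              # give both children time to exec

    if holds_file "$leaky" "$tmp"; then LEAKY_HOLDS=yes; else LEAKY_HOLDS=no; fi
    if holds_file "$clean" "$tmp"; then CLEAN_HOLDS=yes; else CLEAN_HOLDS=no; fi

    kill "$leaky" "$clean" 2>/dev/null || :
    wait "$leaky" "$clean" 2>/dev/null || :
    exec 9>&-
    rm -f -- "$tmp"
}

leak_demo
echo "child started normally holds the file:   $LEAKY_HOLDS"
echo "child started with 9>&- holds the file:  $CLEAN_HOLDS"
```
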
Turn off SELinux and you won't get these messages anymore - do you really need this feature on? To turn it off, log in as root:
echo 0 > /selinux/enforce
edit this file:
vi /etc/selinux/config
and change the attribute SELINUX to be SELINUX=disabled
edited Feb 22 '12 at 18:53
Kevin
answered Mar 4 '11 at 3:23
Jamato
Lowering a system's security by disabling SELinux is generally not a good solution to this kind of problem. If anything, I'd change SELINUX=permissive to test the problem, until it's been resolved.
– jsbillings
Mar 8 '11 at 20:04