Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 453890 - Started getting a bunch of selinux warnings after updates today
Summary: Started getting a bunch of selinux warnings after updates today
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 9
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-07-03 01:41 UTC by Andrew Kroll
Modified: 2008-07-03 15:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-07-03 15:45:02 UTC

Attachments (Terms of Use)

Description Andrew Kroll 2008-07-03 01:41:52 UTC

SELinux is preventing tmpwatch (tmpreaper_t) "getattr" to
/tmp/vbox.0/build_in_tmp (usr_t).

Detailed Description:

SELinux denied access requested by tmpwatch. It is not expected that this access
is required by tmpwatch and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /tmp/vbox.0/build_in_tmp,

restorecon -v '/tmp/vbox.0/build_in_tmp'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
( Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (
against this package.

Additional Information:

Source Context                system_u:system_r:tmpreaper_t:s0
Target Context                system_u:object_r:usr_t:s0
Target Objects                /tmp/vbox.0/build_in_tmp [ file ]
Source                        tmpwatch
Source Path                   /usr/sbin/tmpwatch
Port                          <Unknown>
Host                          Willow
Source RPM Packages           tmpwatch-2.9.13-2
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-72.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     Willow
Platform                      Linux Willow #1 SMP Fri Jun
                              27 15:58:30 EDT 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Wed 02 Jul 2008 08:04:01 PM CDT
Last Seen                     Wed 02 Jul 2008 08:04:01 PM CDT
Local ID                      8f9cb69d-63f2-4104-84d7-1757e4f52f76
Line Numbers                  

Raw Audit Messages            

host=Willow type=AVC msg=audit(1215047041.984:78): avc:  denied  { getattr } for
 pid=6021 comm="tmpwatch" path="/tmp/vbox.0/build_in_tmp" dev=dm-0 ino=9887758
scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:usr_t:s0

host=Willow type=SYSCALL msg=audit(1215047041.984:78): arch=c000003e syscall=6
success=no exit=-13 a0=1d95e03 a1=7fff71c5b400 a2=7fff71c5b400 a3=3e1d367a58
items=0 ppid=6019 pid=6021 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch"
exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)

Additional info:

Comment 1 Daniel Walsh 2008-07-03 15:45:02 UTC
Just remove this file.  Some rpm installed this file in /usr and then mv'd it to
/tmp.  It has the wrong label on it and can not be deleted by tmpwatch.

You could change it;s context to tmp_t and this will allow tmpwatch to remove it.

chcon -t tmp_t -R /tmp/vbox.0

If you figure out which rpm did this, we need to open a bugzilla on it.

Note You need to log in before you can comment on or make changes to this bug.