:
Jon VanAlten
vanaltj-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Mar 15 19:01:25 UTC 2010
On Mon, Mar 15, 2010 at 2:30 PM, <john.moniz-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org> wrote:
> Thanks, I didn't expect it to be a bug, thought I had a security problem.
> I've done the updating mentioned on Comment #3 and will keep an eye on it.
>
> Now I turn my attention to Alert 2 at bottom of email. I also found it in
> bugzilla
> https://bugzilla.redhat.com/show_bug.cgi?id=485921
> I did the check shown on Comment #3 and found tons of files labeled file_t
> (# ls -lZ /home/family/.gconf/desktop/gnome/applications/window_manager
> -rw-------. family users system_u:object_r:file_t:s0 %gconf.xml)
>
> But I don't know what to do with that info (am not familiar with labels at
> all). The suggestion on Comment #2 is to do the follwoing:
> touch /.autorelabel;reboot
>
> Does that seem like a good idea? Would it be done for all of the directories
> involved? Any dangers to avoid?
>
Not sure what dangers might exist tbh, but it might be a case of using
a cannon when hunting squirrels. Sure the squirrel will end up dead,
but you probably could use a pellet gun. As I understand it, by
touching that file and then rebooting, SELinux will relabel the entire
filesystem starting at / before fully booting the system. In that
bug, note that the Target Object which SELinux is beefing about
actually is / , which I suspect is why this is their solution.
However in your case it seems from the alert and from the other info
you've added that this is contained to /home. Perhaps, you should pay
particular attention to the part of your SELinux output:
>> > relabel it using the restorecon command. For example if you saved the
>> > home
>> > directory from a previous installation that did not use SELinux,
>> > 'restorecon
>> > -R
>> > -v /home' will fix the labels. Otherwise you should relabel the entire
>> > file
>> > system.
And decide based on this what the most appropriate action is.
Cheers,
jon
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list