Smart and SELinux (Fedora 7)

Frode Petersen fropeter at online.no
Thu Aug 2 02:59:55 PDT 2007 

Hello.
When using Smart, I sometimes get an AVC-denial from SELinux. The latest 
report is at the bottom of this post. It looks like a temporary file 
used by Smart is deleted after operations on it is denied.

Does this do any harm to the data used by Smart or damage any rpms? Is 
there a way to avoid this behaviour?

Btw: Thanks for Smart; a few quirks, but otherwise great.

Btw2: Is there an overview somewhere of all keys (and values) that smart 
recognizes in the .channel files? I have not found one yet.

Frode Petersen


Summary
SELinux is preventing the /sbin/depmod from using potentially mislabeled 
files (/tmp/tmpzACEzq-smart-rpm-out.txt (deleted)).

Detailed Description
SELinux has denied /sbin/depmod access to potentially mislabeled file(s) 
(/tmp/tmpzACEzq-smart-rpm-out.txt (deleted)). This means that SELinux 
will not allow /sbin/depmod to use these files. It is common for users 
to edit files in their home directory or tmp directories and then move 
(mv) them to system directories. The problem is that the files end up 
with the wrong file context which confined applications are not allowed 
to access.

Allowing Access
If you want /sbin/depmod to access this files, you need to relabel them 
using restorecon -v /tmp/tmpzACEzq-smart-rpm-out.txt (deleted). You 
might want to relabel the entire directory using restorecon -R -v /tmp.

Additional Information
Source Context:  system_u:system_r:depmod_t
Target Context:  system_u:object_r:rpm_tmp_t
Target Objects:  /tmp/tmpzACEzq-smart-rpm-out.txt (deleted) [ file ]
Affected RPM Packages:  module-init-tools-3.3-0.pre11.1.0.fc7 [application]
Policy RPM:  selinux-policy-2.6.4-29.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.home_tmp_bad_labels
Host Name:  localhost.localdomain
Platform:  Linux localhost.localdomain 2.6.22.1-33.fc7 #1 SMP Mon Jul 23 
17:33:07 EDT 2007 i686 i686
Alert Count:  1
First Seen:  tor 02-08-2007 10:57:51 CEST
Last Seen:  tor 02-08-2007 10:57:51 CEST
Local ID:  405def62-de56-41d7-990a-21d74cacab5b
Line Numbers:  

Raw Audit Messages :

avc: denied { read, write } for comm="depmod" dev=dm-0 egid=0 euid=0 
exe="/sbin/depmod" exit=0 fsgid=0 fsuid=0 gid=0 items=0 
name="tmpzACEzq-smart-rpm-out.txt"
path=2F746D702F746D707A4143457A712D736D6172742D72706D2D6F75742E747874202864656C6574656429 
pid=7917 scontext=system_u:system_r:depmod_t:s0 sgid=0 
subj=system_u:system_r:depmod_t:s0 suid=0 tclass=file 
tcontext=system_u:object_r:rpm_tmp_t:s0 tty=(none) uid=0

More information about the Smart mailing list