[DSE-Dev] Bug#775610: policycoreutils: strange access to /root/tmpfiles.d from restorecond
Laurent Bigonville
bigon at debian.org
Sat Apr 30 16:17:22 UTC 2016
tag 775610 + moreinfo
thanks
On Sun, 18 Jan 2015 10:19:57 +1100 Russell Coker <russell at coker.com.au>
wrote:
Hello Russell,
>
> # dmesg|grep tmpfiles.d
> [ 48.978396] audit: type=1400 audit(1421535877.996:30): avc: denied {
read } for pid=746 comm="restorecond" name="tmpfiles.d" dev="dm-0"
ino=207033 scontext=system_u:system_r:restorecond_t:s0
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file permissive=0
> # find /root -inum 207033
> /root/tmpfiles.d
>
> For some reason restorecond is trying to read the symlink
/root/tmpfiles.d.
> The symlink in question was created in 2012 and I don't know why I
created it
> or if it was created by a script.
>
> A grep of the source code didn't show a reason for this access, there
is no
> match for the string tmpfiles.d in the policycoreutils source.
Are you still able to reproduce this?
Cheers,
Laurent Bigonville
More information about the SELinux-devel
mailing list