-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/09/2013 06:50 PM, Dominick Grift wrote:
On Tue, 2013-12-10 at 00:42 +0100, Dominick Grift wrote:
On Mon, 2013-12-09 at 17:35 -0600, Ian Pilcher wrote:
Just got this when trying to use the SPICE plugin. The alert browser is telling me that I need to:
If you want to fix the label. /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4 default label should be fonts_cache_t. Then you can run restorecon. Do # /sbin/restorecon -v /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-le64.cache-4
This is what you want to do for now. There seems to be a bug in policy since the content should have been created with type fonts_cache_t and not auth_cache_t
Can you reproduce this? Consider filling a bug report for this in the selinux-policy component. Enclose this setroubleshoot report
how is your /var/cache/fontconfig labeled?
ls -dZ /var/cache/fontconfig
I could not find any obvious bug in short notice. Will try again tomorrow
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
sesearch -T -t var_t | grep auth_cache_t type_transition remote_login_t var_t : dir auth_cache_t; type_transition certwatch_t var_t : file auth_cache_t; type_transition certwatch_t var_t : dir auth_cache_t; type_transition sshd_t var_t : dir auth_cache_t; type_transition rshd_t var_t : dir auth_cache_t; type_transition xdm_t var_t : dir auth_cache_t; type_transition local_login_t var_t : dir auth_cache_t; type_transition rlogind_t var_t : dir auth_cache_t;
Looks like login programs creating content in var_t would do this transition.
Changing the following line will prevent this transition.
files_var_filetrans(login_pgm, auth_cache_t, dir, "coolkey")
Also adding miscfiles_filetrans_named_content(login_pgm)
To make sure content gets created with the correct label.