Ok I did as you suggested and my output after a
sealert -a /var/log/audit/audit.log > /root/mylogfile.txt
was

____________________________________________________________________________
found 2 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------
Summary:
SELinux is preventing cp from creating a file with a context of unlabeled_t on a filesystem.
Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]
SELinux is preventing cp from creating a file with a context of unlabeled_t on a filesystem. Usually this happens when you ask the cp command to maintain the context of a file when copying between file systems, "cp -a" for example. Not all file contexts should be maintained between the file systems. For example, a read-only file type like iso9660_t should not be placed on a r/w system. "cp -P" might be a better solution, as this will adopt the default file context for the destination.
Allowing Access:
Use a command like "cp -P" to preserve all permissions except SELinux context.
Additional Information:
Source Context                user_u:object_r:unlabeled_t
Target Context                system_u:object_r:fs_t
Target Objects                test.txt [ filesystem ]
Source                        cp
Source Path                   /bin/cp
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           coreutils-5.97-14.el5
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-137.1.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   filesystem_associate
Host Name                     the-rat.xxxx.ca
Platform                      Linux the-rat.xxxxx.ca 2.6.18-92.1.13.el5 #1 SMP Wed Sep 24 19:33:52 EDT 2008 i686 i686
Alert Count                   5
First Seen                    Thu Oct 16 13:11:30 2008
Last Seen                     Wed Nov 5 10:59:39 2008
Local ID                      70942f5b-18a0xxxxxxxc86b
Line Numbers                  5, 6, 1227, 1228, 1703, 1704, 2766, 2767, 3066, 3067
Raw Audit Messages
type=AVC msg=audit(1225900779.959:311): avc: denied { associate } for pid=14890 comm="cp" name="test.txt" scontext=user_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1225900779.959:311): arch=40000003 syscall=5 success=yes exit=4 a0=9a720d0 a1=8041 a2=81b4 a3=8041 items=0 ppid=14864 pid=14890 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts5 ses=1 comm="cp" exe="/bin/cp" subj=user_u:system_r:unconfined_t:s0 key=(null)
-------------------------------------------------------------------------------- _____________________________________________________________________________
But
[freund@the-rat ~]$ ls -Z test.txt
-rw-rw-r--  freund freund user_u:object_r:user_home_t      test.txt
so I am wondering where the unlabeled_t is coming from.
On Saturday 01 November 2008 4:24:27 pm Nifty Cluster Mitch wrote:
On Wed, Oct 29, 2008 at 11:23:28AM -0400, Al Freundorfer wrote:
I was directed to post this on the mailing list. See the following forum post as a reference.
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=16710&forum=4...
I formatted my external ext3 372GB USB hard drive in ubuntu and now want to use it in Centos. I made sure that my group/user numbers were the same. I was not able to write to the mounted USB hard drive (HD). I suspected selinux and shut it off and I was able to copy the file! I set selinux back to enforce and rebooted. I like the security features of selinux.
I tried:
- chcon -v
- restorecon -Rv /media/disk
- cp -P
and still am not able to write to the USB HD. The sad part is I can delete files from the USB HD. See forum post for details.
I tried it in fedora 9 and it is able to write to the USB HD
I tried a 32GB USB memory stick in Centos 5.2 and it worked! I am wondering why it doesn't work for my USB HD? The only difference is the size.
Try rebooting in permissive mode then inspect the avc messages.
Double check the permissions of the mount point before and after mounting the device.
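Added example (not part of the thread or of sealert): a small Python triage script that correlates AVC and SYSCALL records by audit event serial and flags the pattern the sealert report above describes (an `associate` denial with an unlabeled_t source context, and a successful syscall that indicates permissive mode). The first two records are the ones quoted in the report; the third is constructed to show a non-matching denial.

```python
import re
from collections import defaultdict

# First two records: the AVC/SYSCALL pair from the sealert report above; third: constructed contrast case.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1225900779.959:311): avc: denied { associate } for pid=14890 comm="cp" name="test.txt" scontext=user_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1225900779.959:311): arch=40000003 syscall=5 success=yes exit=4 a0=9a720d0 a1=8041 a2=81b4 a3=8041 items=0 ppid=14864 pid=14890 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts5 ses=1 comm="cp" exe="/bin/cp" subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1225900800.000:312): avc: denied { write } for pid=14900 comm="touch" name="disk" dev=sdb1 ino=2 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*)\}')
MSG_RE = re.compile(r'msg=audit\([\d.]+:(\d+)\)')   # serial shared by all records of one event

def parse_record(line):
    """Turn one audit record into a dict of its fields plus the AVC verdict and permissions."""
    rec = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    m = MSG_RE.search(line)
    rec['event_id'] = m.group(1) if m else None
    if a := AVC_RE.search(line):
        rec['result'], rec['perms'] = a.group(1), a.group(2).split()
    return rec

def correlate(text):
    events = defaultdict(dict)   # event serial -> {'AVC': rec, 'SYSCALL': rec}
    for line in filter(str.strip, text.splitlines()):
        rec = parse_record(line)
        events[rec['event_id']][rec['type']] = rec
    return events

def sel_type(context):
    """Type field of an SELinux context, e.g. unlabeled_t from user_u:object_r:unlabeled_t:s0."""
    return context.split(':')[2] if context.count(':') >= 2 else context

def triage(event):
    """Explain one correlated event the way the sealert report above does."""
    avc = event.get('AVC')
    if not avc or avc.get('result') != 'denied':
        return 'no denial'
    src, tgt = sel_type(avc['scontext']), sel_type(avc['tcontext'])
    if avc['tclass'] == 'filesystem' and 'associate' in avc['perms'] and src == 'unlabeled_t':
        note = (f"{avc['comm']} tried to put the unlabeled_t label on {avc.get('name', '?')} "
                f"on a {tgt} filesystem: source label preserved, copy without keeping the context")
    else:
        note = f"{avc['comm']} denied {' '.join(avc['perms'])} on {avc['tclass']} ({src} -> {tgt})"
    sc = event.get('SYSCALL')
    if sc and sc.get('success') == 'yes':
        note += '; syscall succeeded despite the denial, consistent with permissive mode'
    return note
```

Run it over a real `/var/log/audit/audit.log` by passing the file contents to `correlate()` and printing `triage()` for each event.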