SELinux Error

Madireddy Samuel Vijaykumar Wed, 29 Sep 2010 01:42:29 -0700

When do a ...

$ bin/riak start


I get a SELinux Security Alert and the riak node is never started. The
following the SELinux error, has anyone looked into this?

Summary:

SELinux is preventing access to files with the label, file_t.

Detailed Description:

SELinux permission checks on files labeled file_t are being denied. file_t
is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever
be
labeled file_t. If you have just added a disk drive to the system you can
relabel it using the restorecon command. For example if you saved the home
directory from a previous installation that did not use SELinux, 'restorecon
-R
-v /home' will fix the labels. Otherwise you should relabel the entire file
system.

Allowing Access:

You can execute the following command as root to relabel your computer
system:
"touch /.autorelabel; reboot"

Additional Information:

Source Context
 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context                unconfined_u:object_r:file_t:s0
Target Objects
 /livingcode/sandbox/riak/riak-0.12.0/rel/riak/lib/
                              erlang_js-0.4/priv/erlang_js_drv.so [ file ]
Source                        beam.smp
Source Path
/livingcode/sandbox/riak/riak-0.12.0/rel/riak/erts
                              -5.8/bin/beam.smp
Port                          <Unknown>
Host                          sam.csslabs
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-57.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   file
Host Name                     sam.csslabs
Platform                      Linux sam.csslabs 2.6.34.7-56.fc13.i686 #1 SMP
Wed
                              Sep 15 03:33:58 UTC 2010 i686 i686
Alert Count                   3
First Seen                    Wed 29 Sep 2010 01:42:12 PM IST
Last Seen                     Wed 29 Sep 2010 01:55:51 PM IST
Local ID                      fbfa8445-e6d3-42a8-9396-80d75f288650
Line Numbers

Raw Audit Messages

node=sam.csslabs type=AVC msg=audit(1285748751.47:24835): avc:  denied  {
execmod } for  pid=5633 comm="beam.smp"
path="/livingcode/sandbox/riak/riak-0.12.0/rel/riak/lib/erlang_js-0.4/priv/erlang_js_drv.so"
dev=dm-2 ino=6938
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:file_t:s0 tclass=file

node=sam.csslabs type=SYSCALL msg=audit(1285748751.47:24835): arch=40000003
syscall=125 success=no exit=-13 a0=4b6000 a1=c0000 a2=5 a3=b60cfd50 items=0
ppid=5599 pid=5633 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts2 ses=1 comm="beam.smp"
exe="/livingcode/sandbox/riak/riak-0.12.0/rel/riak/erts-5.8/bin/beam.smp"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)


"""
Anyday...
Above the ground and vertical
... is a good day!
"""
http://megam.info
:)~

_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com

SELinux Error

Reply via email to