#
# Authors: Dan Walsh <dwalsh@redhat.com>
#
# Copyright (C) 2007 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
import gettext
# Bind `_` to the translation lookup for the 'setroubleshoot-plugins' catalog
# under /usr/share/locale. fallback=True makes a missing catalog hand back the
# untranslated msgid instead of raising.
# NOTE(review): lgettext() returns locale-encoded byte strings and is a
# Python 2-era API (deprecated in Python 3.8, removed in 3.11); confirm the
# interpreter this plugin is deployed on before porting.
_ = gettext.translation('setroubleshoot-plugins', '/usr/share/locale', fallback=True).lgettext
from setroubleshoot.util import *
from setroubleshoot.Plugin import Plugin
import os
from stat import *
import selinux
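class plugin(Plugin):
    """Report a denial on a file whose SELinux type differs from the policy default.

    analyze() compares the type field of the context currently on avc.path
    with the type field that selinux.matchpathcon() returns for the same
    path, and files a "File Label" report when the two differ.
    """

    # NOTE: the message texts below are gettext msgids (they are passed to
    # `_()`), so they are kept verbatim, typos included; editing them would
    # stop existing translations from matching.
    summary = _('''
SELinux is preventing $SOURCE ($SOURCE_TYPE) "$ACCESS" to $TARGET_PATH ($TARGET_TYPE).
''')
    problem_description = _('''
SELinux denied access requested by $SOURCE. $TARGET_PATH may
be a mislabeled. $TARGET_PATH default SELinux type is
<B>$MATCHTYPE</B>, while its current type is <B>$TARGET_TYPE</B>. Changing
this file back to the default type, may fix your problem.
File contexts can get assigned to a file can following ways. <ul>
<li>Files created in a directory recieve the file context of the parent directory by default.
<li>Users can change the file context on a file using tools like chcon, or restorecon.
<li>The kernel can decide via policy that an application running as context A Creating a file in a directory labeled B will create files labeled C.
</ul>
This file could have been mislabeled either by user error, or if an normally confined application was run under the wrong domain.
Of course this could also indicate a bug in SELinux, in that the file should not be labeled with
this type. If you believe this is a bug, please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a>
against this package.
''')
    fix_description = _('''
You can restore the default system context to this file by executing the
restorecon command. restorecon '$TARGET_PATH', if this file is a directory,
you can recursively restore using restorecon -R '$TARGET_PATH'.
''')
    # NOTE(review): $TARGET_PATH is substituted outside this file. The single
    # quotes only protect the path if it contains no single quote itself;
    # confirm that whatever renders or runs this command escapes the path, or
    # passes it as an argument vector rather than through a shell.
    fix_cmd = "restorecon '$TARGET_PATH'"

    def __init__(self):
        """Register the plugin under this module's name with priority 55."""
        Plugin.__init__(self, __name__)
        self.set_priority(55)

    def analyze(self, avc):
        """Return a "File Label" report if avc.path is not labeled as policy expects.

        Returns None when the environment may not be queried
        (avc.query_environment is false), when the denial's target class is
        not one of the file-like classes listed below, when avc.path is
        missing, when the current context cannot be read, when the labels
        match, or when any lookup raises.

        The checks read the live filesystem at analysis time, so the result
        describes the file as it is now, which is not necessarily the state
        that produced the denial.
        """
        if not avc.query_environment:
            return None

        restorecon_files = ['dir', 'file', 'lnk_file', 'chr_file', 'blk_file']
        try:
            if not avc.has_tclass_in(restorecon_files):
                return None
            if avc.path is None:
                return None

            # NOTE(review): getfilecon() follows symlinks while the mode below
            # comes from lstat(), which does not. For a 'lnk_file' target this
            # can compare the link target's label with the default computed
            # for the link itself; confirm whether lgetfilecon() is intended.
            rc, fcon = selinux.getfilecon(avc.path)
            if rc < 0:
                return None
            # Contexts are colon-separated (user:role:type[:range]); the type
            # is the third field.
            fcon_type = fcon.split(':')[2]

            mode = os.lstat(avc.path)[ST_MODE]
            mcon = selinux.matchpathcon(avc.path, mode)[1]
            mcon_type = mcon.split(':')[2]

            if fcon_type != mcon_type:
                # Expose the policy default type to the $MATCHTYPE placeholder
                # used in problem_description.
                avc.set_template_substitutions(MATCHTYPE=mcon_type)
                return self.report(avc, _("File Label"),
                                   self.summary, self.problem_description,
                                   self.fix_description, self.fix_cmd)
        except Exception:
            # Best effort: a vanished path, an unreadable label or a malformed
            # context means this plugin has nothing to say. Catching Exception
            # instead of using a bare except lets KeyboardInterrupt and
            # SystemExit propagate rather than being swallowed here.
            return None
        return None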