Ask Question Forum:
Model Library:2025-02-08 Updated:A.I. model is online for auto reply question page
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by t1shopper
at 2024-07-18 14:30:34
ModifyPoint:500 Replies:14 POST_ID:829023USER_ID:11928
Topic:
Linux;Linux Network Security;Linux Programming
How do I fix this?
SELinux is preventing tzdata-update (tzdata_t) "unlink" to localtime (etc_t).Detailed Description:SELinux is preventing tzdata-update (tzdata_t) "unlink" to localtime (etc_t).The SELinux type etc_t, is a generic type for all files in the directory andvery few processes (SELinux Domains) are allowed to write to this SELinux type.This type of denial usual indicates a mislabeled file. By default a file createdin a directory has the gets the context of the parent directory, but SELinuxpolicy has rules about the creation of directories, that say if a processrunning in one SELinux Domain (D1) creates a file in a directory with aparticular SELinux File Context (F1) the file gets a different File Context(F2). The policy usually allows the SELinux Domain (D1) the ability to write,unlink, and append on (F2). But if for some reason a file (localtime) wascreated with the wrong context, this domain will be denied. The usual solutionto this problem is to reset the file context on the target file, restorecon -v'localtime'. If the file context does not change from etc_t, then this isprobably a bug in policy. Please file a bug report(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policypackage. If it does change, you can try your application again to see if itworks. The file context could have been mislabeled by editing the file or movingthe file from a different directory, if the file keeps getting mislabeled, checkthe init scripts to see if they are doing something to mislabel the file.Allowing Access:You can attempt to fix file context by executing restorecon -v 'localtime'The following command will allow this access:restorecon 'localtime'Additional Information:Source Context root:system_r:tzdata_t:SystemLow-SystemHighTarget Context root:object_r:etc_tTarget Objects localtime [ lnk_file ]Source tzdata-updateSource Path /usr/sbin/tzdata-updatePort <Unknown>Host <Unknown>Source RPM Packages glibc-common-2.5-118.el5_10.2Target RPM PackagesPolicy RPM selinux-policy-2.4.6-346.el5Selinux Enabled TruePolicy Type targetedMLS Enabled TrueEnforcing Mode EnforcingPlugin Name mislabeled_fileHost Name www.t1shopper.comPlatform Linux www.t1shopper.com 2.6.18-371.8.1.el5 #1 SMP Thu Apr 24 18:19:36 EDT 2014 x86_64 x86_64Alert Count 1First Seen Fri Jul 18 21:16:23 2014Last Seen Fri Jul 18 21:16:23 2014Local ID 7c273cdf-e822-48f4-90a3-2e13b6e1996eLine Numbers 16744, 16745Raw Audit Messagestype=AVC msg=audit(1405718183.87:560873): avc: denied { unlink } for pid=2777 comm="tzdata-update" name="localtime" dev=dm-0 ino=29262001 scontext=root:system_r:tzdata_t:s0-s0:c0.c1023 tcontext=root:object_r:etc_t:s0 tclass=lnk_filetype=SYSCALL msg=audit(1405718183.87:560873): arch=c000003e syscall=82 success=no exit=-13 a0=7fff66233ca0 a1=400cf9 a2=76 a3=6094e0 items=0 ppid=29416 pid=2777 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=92051 comm="tzdata-update" exe="/usr/sbin/tzdata-update" subj=root:system_r:tzdata_t:s0-s0:c0.c1023 key=(null) 1:2:3:4:5:6:7:8:9:10:11:12:13:14:15:16:17:18:19:20:21:22:23:24:25:26:27:28:29:30:31:32:33:34:35:36:37:38:39:40:41:42:43:44:45:46:47:48:49:50:51:52:53:54:55:56:57:58:59:60:61:62:63:64:
Expert: Sandy replied at 2024-07-24 21:17:55
Seems like yes.. check and suggest
ty/sa
ty/sa
Author: t1shopper replied at 2024-07-24 21:14:47
That all seemed to run successfully (see below). Should it be fixed?
[root@www ~]# cd /etc/[root@www etc]# restorecon -R /etc 'localtime'[root@www etc]# ls -lZ localtimelrwxrwxrwx root root root:object_r:etc_t localtime -> /usr/share/zoneinfo/GMT[root@www etc]# 1:2:3:4:5:
Accepted Solution
Expert: Sandy replied at 2024-07-24 20:37:49
500 points EXCELLENT
hold on... you execute the correct command from wrong path
#cd /etc/
# restorecon -R /etc 'localtime'
#ls -lZ localtime
Now check and post...
TY/SA
#cd /etc/
# restorecon -R /etc 'localtime'
#ls -lZ localtime
Now check and post...
TY/SA
Author: t1shopper replied at 2024-07-24 10:48:38
I'm not sure if any of this fixed it but here's the status:
- Sandy: The output of your solution is included below.
- Duncanb7: Here's the output if the 4 tests.
[root@www ~]# restorecon -v 'localtime'lstat(localtime) failed: No such file or directory[root@www ~]# restorcon 'localtme'-bash: restorcon: command not found[root@www ~]# restorecon 'localtme'lstat(localtme) failed: No such file or directory[root@www ~]# restorecon 'localtime'lstat(localtime) failed: No such file or directory[root@www ~]# restorecon -R -v /etc 'localtime'restorecon reset /etc/aliases context root:object_r:etc_t:s0->system_u:object_r:etc_aliases_t:s0restorecon reset /etc/dovecot.conf context root:object_r:etc_t:s0->system_u:object_r:dovecot_etc_t:s0restorecon reset /etc/rc.d/init.d/php_mysql_memory_table_maxmind context root:object_r:etc_t:s0->system_u:object_r:initrc_exec_t:s0restorecon reset /etc/my.cnf context root:object_r:etc_t:s0->system_u:object_r:mysqld_etc_t:s0restorecon reset /etc/modprobe.d/anaconda.conf context system_u:object_r:file_t:s0->system_u:object_r:etc_t:s0restorecon reset /etc/aliases.original context system_u:object_r:etc_aliases_t:s0->system_u:object_r:etc_t:s0restorecon reset /etc/openwsman/serverkey.pem context system_u:object_r:etc_runtime_t:s0->system_u:object_r:etc_t:s0restorecon reset /etc/openwsman/servercert.pem context system_u:object_r:etc_runtime_t:s0->system_u:object_r:etc_t:s0restorecon reset /etc/sysconfig/mkinitrd/multipath context system_u:object_r:file_t:s0->system_u:object_r:etc_t:s0restorecon reset /etc/sysconfig/iptables.2012-03-01.default.original context root:object_r:etc_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/sysconfig/iptables.2013-02-13 context root:object_r:etc_runtime_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/sysconfig/iptables.2011-01-10 context root:object_r:etc_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/sysconfig/iptables_base_configuration context root:object_r:etc_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/sysconfig/iptables context root:object_r:etc_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/sysconfig/ip6tables context root:object_r:etc_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/sysconfig/iptables.2013-04-20 context root:object_r:etc_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/sysconfig/iptables.2013-08-31 context root:object_r:etc_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/sysconfig/iptables-config context root:object_r:etc_t:s0->system_u:object_r:iptables_conf_t:s0restorecon reset /etc/my.cnf.2013-03-01.original context system_u:object_r:mysqld_etc_t:s0->system_u:object_r:etc_t:s0restorecon: error while labeling files under localtime[root@www ~]# restorecon -R /etc 'localtime'restorecon: error while labeling files under localtime 1:2:3:4:5:6:7:8:9:10:11:12:13:14:15:16:17:18:19:20:21:22:23:24:25:26:27:28:29:30:31:
Expert: duncanb7 replied at 2024-07-19 01:56:56
sandy reminds me, thanks, Sorry, tishopper question post that it mentioned
Allowing Access:
You can attempt to fix file context by executing restorecon -v 'localtime'
The following command will allow this access:
restorecon 'localtime'
Additional Information:
So try
- TEST-1, restorecon -v 'localtime'
-TEST-2, restorcon 'localtme'
-Test-3, restorecon -R -v /etc 'localtime'
-TEst-4, restorecon -R /etc 'localtime'
Probably it will work hopefully
Duncan
Allowing Access:
You can attempt to fix file context by executing restorecon -v 'localtime'
The following command will allow this access:
restorecon 'localtime'
Additional Information:
So try
- TEST-1, restorecon -v 'localtime'
-TEST-2, restorcon 'localtme'
-Test-3, restorecon -R -v /etc 'localtime'
-TEst-4, restorecon -R /etc 'localtime'
Probably it will work hopefully
Duncan
Expert: Sandy replied at 2024-07-19 01:46:20
Restorecon -R /etc localtime
Author: t1shopper replied at 2024-07-18 20:05:44
Is this what you want? If not, please give me exact commands to run. Thanks.
drwxr-xr-x root root system_u:object_r:etc_t etcdrwxr-xr-x root root system_u:object_r:locale_t zoneinfo 1:2:3:
Expert: duncanb7 replied at 2024-07-18 19:03:12
could you check the file or directory permisision privilege or right on that file /etc/localtime or its link file or directory ?
Duncan
Duncan
Author: t1shopper replied at 2024-07-18 16:55:17
No change in permissions or context.
[root@www ~]# sudo restorecon -v '/etc/localtime'[root@www ~]# ls -Z /etc/localtimelrwxrwxrwx root root root:object_r:etc_t /etc/localtime -> /usr/share/zoneinfo/GMT[root@www ~]sudo restorecon -v '/usr/share/zoneinfo/GMT'[root@www ~]# ls -Z '/usr/share/zoneinfo/GMT'-rw-r--r-- root root system_u:object_r:locale_t /usr/share/zoneinfo/GMT 1:2:3:4:5:6:7:
Expert: duncanb7 replied at 2024-07-18 16:30:03
how about sudo ?
Author: t1shopper replied at 2024-07-18 16:24:39
You are already in root access, why it will have issue ?
I don't know, that's what I'm asking you! Expert: duncanb7 replied at 2024-07-18 16:22:58
You are already in root access, why it will have issue ? could you do sudo with the command ?
Duncan
Duncan
Author: t1shopper replied at 2024-07-18 16:15:18
What command or utility tool recently you ran so that you have such issue ?
Probably when the system ran yum update it tried to update the timezone files.Here's the steps I took to fix it which didn't seem to work because the security settings on the file didn't change.
[root@www ~]# ls -Z /etc/localtimelrwxrwxrwx root root root:object_r:etc_t /etc/localtime -> /usr/share/zoneinfo/GMT[root@www ~]# restorecon '/etc/localtime'[root@www ~]# restorecon -v 'localtime'lstat(localtime) failed: No such file or directory[root@www ~]# ls -Z /etc/localtimelrwxrwxrwx root root root:object_r:etc_t /etc/localtime -> /usr/share/zoneinfo/GMT[root@www ~]# ls -Z /usr/share/zoneinfo/GMT-rw-r--r-- root root system_u:object_r:locale_t /usr/share/zoneinfo/GMT 1:2:3:4:5:6:7:8:9:10:11:12:
Expert: duncanb7 replied at 2024-07-18 14:45:55
The attachment you posted said try to
And it suggests to use restorecon '/etc/localtime' in this blog that is similar to your issue at
https://bugzilla.redhat.com/show_bug.cgi?id=517452
What command or utility tool recently you ran so that you have such issue ?
Duncan
You can attempt to fix file context by executing restorecon -v 'localtime'
And it suggests to use restorecon '/etc/localtime' in this blog that is similar to your issue at
https://bugzilla.redhat.com/show_bug.cgi?id=517452
What command or utility tool recently you ran so that you have such issue ?
Duncan
