Continuously getting an error that SELinux is preventing access to files with the label "file_t".

Solution Unverified - Updated -

Issue

  • Continuously getting an error that SELinux is preventing access to files with the label "file_t".

  • Here is complete Summary of the error :

    SELinux is preventing access to files with the label, file_t.

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux permission checks on files labeled file_t are being denied. file_t is
the context the SELinux kernel gives to files that do not have a label. This
indicates a serious labeling problem. No files on an SELinux box should ever be
labeled file_t. If you have just added a new disk drive to the system you can
relabel it using the restorecon command. Otherwise you should relabel the entire
files system.

Allowing Access:

You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"

Additional Information:

Source Context                user_u:system_r:unconfined_t
Target Context                user_u:object_r:file_t
Target Objects                /u01/app/oracle/product/11.1.0/db_1/lib/libnnz11.s
                              o [ file ]
Source                        lsnrctl
Source Path                   /u01/app/oracle/product/11.1.0/db_1/bin/lsnrctl
Port                          <Unknown>
Host                          ora10.tctc.local
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-203.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   file
Host Name                     ora10.tctc.local
Platform                      Linux ora10.tctc.local 2.6.18-128.el5 #1 SMP Wed
                              Dec 17 11:41:38 EST 2008 x86_64 x86_64
Alert Count                   189
First Seen                    Tue 02 Feb 2010 09:07:40 PM EST
Last Seen                     Wed 07 Jul 2010 03:14:46 PM EDT
Local ID                      50b57cbb-c6a6-4103-81d6-942a8411c58a
Line Numbers                  

Raw Audit Messages            

host=ora10.tctc.local type=AVC msg=audit(1278530086.136:245490): avc:  denied  { execmod } for  pid=4077
comm="rman" path="/u01/app/oracle/product/11.1.0/db_1/lib/libnnz11.so" dev=dm-5 ino=8061293
scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:file_t:s0 tclass=file

host=ora10.tctc.local type=SYSCALL msg=audit(1278530086.136:245490): arch=c000003e syscall=10 success=yes
exit=0 a0=2b1461423000 a1=2a0000 a2=5 a3=2b1461426110 items=0 ppid=13040 pid=4077 auid=501 uid=501
gid=301 euid=501 suid=501 fsuid=501 egid=301 sgid=301 fsgid=301 tty=(none) ses=39390 comm="rman"
exe="/u01/app/oracle/product/11.1.0/db_1/bin/rman" subj=user_u:system_r:unconfined_t:s0 key=(null)

Environment

  • Red Hat Enterprise Linux (All Versions)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content