Ask Your Question
1

SELinux alert when tmpwatch accesses unknown directory

asked 2012-06-13 06:23:15 -0600

fat-lobyte gravatar image

Hi, for a few weeks I regularly get a SELinux alert:

Source Context                system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                5072C3A473656E746174696F6E [ dir ]
Source                        tmpwatch
Source Path                   /usr/sbin/tmpwatch

I would assume that something is wrong with the target context, but the problem is, I can't find this weird directory!

locate 5072C3A473656E746174696F6E

Turns up nothing, and

find /tmp/ -type d -name 5072C3A473656E746174696F6E
find /var/tmp/ -type d -name 5072C3A473656E746174696F6E

don't either.

The name is allways the same.

Does anyone have any Idea where this directory could be??

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
5

answered 2012-10-04 13:26:48 -0600

Dan Walsh gravatar image

Most likely this is a file moved to /tmp with a space in the name.

Try:

find /tmp/ -context ":user_home_t"

Newer Fedoras will just allow tmpwatch to delete this content.

edit flag offensive delete link more

Question Tools

Stats

Asked: 2012-06-13 06:23:15 -0600

Seen: 288 times

Last updated: Oct 04 '12