Attachment 298050 Details for Bug 437478 – From setroubleshoot browser

From setroubleshoot browser

selinux_alert.txt (text/plain), 47.03 KB, created by Steve Murphy on 2008-03-14 14:13:04 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Steve Murphy

Created: 2008-03-14 14:13:04 UTC

Size: 47.03 KB

patch

obsolete

>
>Summary:
>
>SELinux is preventing sshd (sshd_t) "link" to <Unknown> (xdm_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by sshd. It is not expected that this access is
>required by sshd and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
>Target Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
>Target Objects                None [ key ]
>Source                        sshd
>Source Path                   /usr/sbin/sshd
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           openssh-server-4.7p1-9.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   2
>First Seen                    Fri 14 Mar 2008 06:12:25 AM MDT
>Last Seen                     Fri 14 Mar 2008 08:00:27 AM MDT
>Local ID                      05475627-fe45-4b34-98d5-b04d10e38f7b
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205503227.786:97): avc:  denied  { link } for  pid=8338 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=key
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205503227.786:97): arch=40000003 syscall=288 success=yes exit=0 a0=8 a1=fffffffc a2=fffffffd a3=1f4 items=0 ppid=2447 pid=8338 auid=4294967295 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown>
>(restorecond_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:restorecond_t:s0
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   1588
>First Seen                    Thu 13 Mar 2008 08:46:34 PM MDT
>Last Seen                     Fri 14 Mar 2008 06:50:05 AM MDT
>Local ID                      ae8b8adc-80d6-42fa-b7bd-635c387b792d
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205499005.432:70): avc:  denied  { ptrace } for  pid=2903 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205499005.432:70): arch=40000003 syscall=195 success=yes exit=0 a0=82ea740 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "sys_ptrace" to <Unknown> (gamin_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:gamin_t:s0
>Target Objects                None [ capability ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   4750
>First Seen                    Thu 13 Mar 2008 08:46:34 PM MDT
>Last Seen                     Fri 14 Mar 2008 06:50:05 AM MDT
>Local ID                      4cb2be27-1f42-4f3a-b67d-98fb23124257
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205499005.374:69): avc:  denied  { sys_ptrace } for  pid=2903 comm="gam_server" capability=19 scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:gamin_t:s0 tclass=capability
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205499005.374:69): arch=40000003 syscall=195 success=yes exit=0 a0=83113e0 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown>
>(NetworkManager_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                unconfined_u:system_r:NetworkManager_t:s0
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   2
>First Seen                    Fri 14 Mar 2008 06:48:07 AM MDT
>Last Seen                     Fri 14 Mar 2008 06:49:06 AM MDT
>Local ID                      401baa14-026e-46fb-9ad5-10296760d96b
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205498946.309:68): avc:  denied  { ptrace } for  pid=2903 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=unconfined_u:system_r:NetworkManager_t:s0 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205498946.309:68): arch=40000003 syscall=195 success=yes exit=0 a0=8316ad0 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (hald_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   5
>First Seen                    Fri 14 Mar 2008 06:15:04 AM MDT
>Last Seen                     Fri 14 Mar 2008 06:48:52 AM MDT
>Local ID                      b1ae0d2d-8a66-4dcb-b291-6e30fe1b0050
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205498932.279:67): avc:  denied  { ptrace } for  pid=2903 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205498932.279:67): arch=40000003 syscall=195 success=yes exit=0 a0=83113e0 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown>
>(system_dbusd_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   5
>First Seen                    Fri 14 Mar 2008 06:14:55 AM MDT
>Last Seen                     Fri 14 Mar 2008 06:48:36 AM MDT
>Local ID                      cbd505f6-eeef-4b02-92cb-e8e6567ef53c
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205498916.466:66): avc:  denied  { ptrace } for  pid=2903 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205498916.466:66): arch=40000003 syscall=195 success=yes exit=0 a0=82fc9f8 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (auditd_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:auditd_t:s0
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   1587
>First Seen                    Thu 13 Mar 2008 08:46:34 PM MDT
>Last Seen                     Fri 14 Mar 2008 06:48:36 AM MDT
>Local ID                      0e4f5706-0d3c-4743-9894-0a1e81e67ae3
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205498916.413:65): avc:  denied  { ptrace } for  pid=2903 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205498916.413:65): arch=40000003 syscall=195 success=yes exit=0 a0=830b590 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (sendmail_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:sendmail_t:s0
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   2
>First Seen                    Fri 14 Mar 2008 06:28:10 AM MDT
>Last Seen                     Fri 14 Mar 2008 06:48:35 AM MDT
>Local ID                      db129cee-886f-4a8a-bef5-32f2ab5a2b05
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205498915.27:63): avc:  denied  { ptrace } for  pid=2903 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:sendmail_t:s0 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205498915.27:63): arch=40000003 syscall=195 success=yes exit=0 a0=8307d60 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (crond_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:crond_t:s0-s0:c0.c1023
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   1587
>First Seen                    Thu 13 Mar 2008 08:46:34 PM MDT
>Last Seen                     Fri 14 Mar 2008 06:48:35 AM MDT
>Local ID                      674ee025-6254-40fd-b9a3-e9d6d6b57a02
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205498915.105:64): avc:  denied  { ptrace } for  pid=2903 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205498915.105:64): arch=40000003 syscall=195 success=yes exit=0 a0=8300010 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (sshd_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   1587
>First Seen                    Thu 13 Mar 2008 08:46:34 PM MDT
>Last Seen                     Fri 14 Mar 2008 06:48:33 AM MDT
>Local ID                      26fde3e4-5346-4d26-b9aa-dce462aa4fc1
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205498913.960:59): avc:  denied  { ptrace } for  pid=2903 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205498913.960:59): arch=40000003 syscall=195 success=yes exit=0 a0=830d528 a1=bfc7ff30 a2=bf3ff4 a3=bfc800cc items=0 ppid=1 pid=2903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing the semodule from using potentially mislabeled files
>(/home/amber/.xsession-errors).
>
>Detailed Description:
>
>SELinux has denied semodule access to potentially mislabeled file(s)
>(/home/amber/.xsession-errors). This means that SELinux will not allow semodule
>to use these files. It is common for users to edit files in their home directory
>or tmp directories and then move (mv) them to system directories. The problem is
>that the files end up with the wrong file context which confined applications
>are not allowed to access.
>
>Allowing Access:
>
>If you want semodule to access this files, you need to relabel them using
>restorecon -v '/home/amber/.xsession-errors'. You might want to relabel the
>entire directory using restorecon -R -v '/home/amber'.
>
>Additional Information:
>
>Source Context                unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c102
>                              3
>Target Context                system_u:object_r:user_home_t:s0
>Target Objects                /home/amber/.xsession-errors [ file ]
>Source                        semodule
>Source Path                   /usr/sbin/semodule
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           policycoreutils-2.0.44-1.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   home_tmp_bad_labels
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Fri 14 Mar 2008 06:13:16 AM MDT
>Last Seen                     Fri 14 Mar 2008 06:13:16 AM MDT
>Local ID                      76d17681-93f8-405b-bd85-3403403b86ae
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205496796.80:102): avc:  denied  { append } for  pid=19612 comm="semodule" path="/home/amber/.xsession-errors" dev=dm-0 ino=1171511 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205496796.80:102): arch=40000003 syscall=11 success=yes exit=0 a0=8431f00 a1=84320f8 a2=8431530 a3=0 items=0 ppid=19606 pid=19612 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="semodule" exe="/usr/sbin/semodule" subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./pdftex (var_lib_t).
>
>Detailed Description:
>
>SELinux denied access requested by tmpwatch. It is not expected that this access
>is required by tmpwatch and this access may signal an intrusion attempt. It is
>also possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./pdftex,
>
>restorecon -v './pdftex'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
>Target Context                system_u:object_r:var_lib_t:s0
>Target Objects                ./pdftex [ dir ]
>Source                        tmpwatch
>Source Path                   /usr/sbin/tmpwatch
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           tmpwatch-2.9.13-2
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Fri 14 Mar 2008 04:30:36 AM MDT
>Last Seen                     Fri 14 Mar 2008 04:30:36 AM MDT
>Local ID                      d9b161f8-4eff-48f8-998d-80107e7b47e5
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205490636.926:75): avc:  denied  { setattr } for  pid=18109 comm="tmpwatch" name="pdftex" dev=dm-0 ino=1532419 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205490636.926:75): arch=40000003 syscall=30 success=no exit=-13 a0=804ac62 a1=bfb0a5e4 a2=0 a3=9392570 items=0 ppid=18107 pid=18109 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./dvips (var_lib_t).
>
>Detailed Description:
>
>SELinux denied access requested by tmpwatch. It is not expected that this access
>is required by tmpwatch and this access may signal an intrusion attempt. It is
>also possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./dvips,
>
>restorecon -v './dvips'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
>Target Context                system_u:object_r:var_lib_t:s0
>Target Objects                ./dvips [ dir ]
>Source                        tmpwatch
>Source Path                   /usr/sbin/tmpwatch
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           tmpwatch-2.9.13-2
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Fri 14 Mar 2008 04:30:36 AM MDT
>Last Seen                     Fri 14 Mar 2008 04:30:36 AM MDT
>Local ID                      3e5456f7-bff7-427f-b043-0891699f5919
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205490636.952:76): avc:  denied  { setattr } for  pid=18109 comm="tmpwatch" name="dvips" dev=dm-0 ino=1532418 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205490636.952:76): arch=40000003 syscall=30 success=no exit=-13 a0=804ac62 a1=bfb0a5e4 a2=0 a3=9392570 items=0 ppid=18107 pid=18109 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing plugin-config (nsplugin_config_t) "read write" to socket
>(unconfined_t).
>
>Detailed Description:
>
>SELinux denied access requested by plugin-config. It is not expected that this
>access is required by plugin-config and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:
>                              c0.c1023
>Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
>                              023
>Target Objects                socket [ unix_dgram_socket ]
>Source                        plugin-config
>Source Path                   /usr/lib/nspluginwrapper/plugin-config
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           nspluginwrapper-0.9.91.5-25.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   4
>First Seen                    Thu 13 Mar 2008 09:00:58 PM MDT
>Last Seen                     Thu 13 Mar 2008 09:14:19 PM MDT
>Local ID                      5429944e-5beb-46ef-9202-e50ba70b24e1
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205464459.254:11128): avc:  denied  { read write } for  pid=6504 comm="plugin-config" path="socket:[15209]" dev=sockfs ino=15209 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_dgram_socket
>
>host=localhost.localdomain type=AVC msg=audit(1205464459.254:11128): avc:  denied  { read } for  pid=6504 comm="plugin-config" path="inotify" dev=inotifyfs ino=1 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
>
>host=localhost.localdomain type=AVC msg=audit(1205464459.254:11128): avc:  denied  { read write } for  pid=6504 comm="plugin-config" path="socket:[15460]" dev=sockfs ino=15460 scontext=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205464459.254:11128): arch=40000003 syscall=11 success=yes exit=0 a0=84a5ed0 a1=84a7d50 a2=84a84d8 a3=0 items=0 ppid=6502 pid=6504 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="plugin-config" exe="/usr/lib/nspluginwrapper/plugin-config" subj=unconfined_u:unconfined_r:nsplugin_config_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing the Xorg from using potentially mislabeled files
>(./fonts.dir).
>
>Detailed Description:
>
>SELinux has denied Xorg access to potentially mislabeled file(s) (./fonts.dir).
>This means that SELinux will not allow Xorg to use these files. It is common for
>users to edit files in their home directory or tmp directories and then move
>(mv) them to system directories. The problem is that the files end up with the
>wrong file context which confined applications are not allowed to access.
>
>Allowing Access:
>
>If you want Xorg to access this files, you need to relabel them using restorecon
>-v './fonts.dir'. You might want to relabel the entire directory using
>restorecon -R -v '.'.
>
>Additional Information:
>
>Source Context                system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023
>Target Context                unconfined_u:object_r:admin_home_t:s0
>Target Objects                ./fonts.dir [ file ]
>Source                        Xorg
>Source Path                   /usr/bin/Xorg
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           xorg-x11-server-Xorg-1.4.99.901-5.20080310.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   home_tmp_bad_labels
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Thu 13 Mar 2008 04:05:22 PM MDT
>Last Seen                     Thu 13 Mar 2008 04:05:22 PM MDT
>Local ID                      11731db3-dce0-488f-adec-7e72f80e9c51
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205445922.534:22): avc:  denied  { read } for  pid=2531 comm="Xorg" name="fonts.dir" dev=dm-0 ino=1941578 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205445922.534:22): arch=40000003 syscall=5 success=no exit=-13 a0=bfee1818 a1=0 a2=1b6 a3=0 items=0 ppid=2530 pid=2531 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty7 ses=4294967295 comm="Xorg" exe="/usr/bin/Xorg" subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing the gdm-session-wor from using potentially mislabeled
>files (./root).
>
>Detailed Description:
>
>SELinux has denied gdm-session-wor access to potentially mislabeled file(s)
>(./root). This means that SELinux will not allow gdm-session-wor to use these
>files. It is common for users to edit files in their home directory or tmp
>directories and then move (mv) them to system directories. The problem is that
>the files end up with the wrong file context which confined applications are not
>allowed to access.
>
>Allowing Access:
>
>If you want gdm-session-wor to access this files, you need to relabel them using
>restorecon -v './root'. You might want to relabel the entire directory using
>restorecon -R -v './root'.
>
>Additional Information:
>
>Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
>Target Context                system_u:object_r:admin_home_t:s0
>Target Objects                ./root [ dir ]
>Source                        gdm-session-wor
>Source Path                   /usr/libexec/gdm-session-worker
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gdm-2.21.9-3.fc9
>Target RPM Packages           filesystem-2.4.11-2.fc9
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   home_tmp_bad_labels
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 i686
>Alert Count                   3
>First Seen                    Thu 13 Mar 2008 04:05:14 PM MDT
>Last Seen                     Thu 13 Mar 2008 04:05:14 PM MDT
>Local ID                      638c3a21-bd2f-413e-ad3a-bd633c14199f
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205445914.500:21): avc:  denied  { write } for  pid=2825 comm="gdm-session-wor" name="root" dev=dm-0 ino=1941505 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205445914.500:21): arch=40000003 syscall=5 success=no exit=-13 a0=8fbddd8 a1=80c2 a2=1b6 a3=80c2 items=0 ppid=2648 pid=2825 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.24-2.fc9
>(system_map_t).
>
>Detailed Description:
>
>SELinux denied access requested by rsyslogd. It is not expected that this access
>is required by rsyslogd and this access may signal an intrusion attempt. It is
>also possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./System.map-2.6.24-2.fc9,
>
>restorecon -v './System.map-2.6.24-2.fc9'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:syslogd_t:s0
>Target Context                system_u:object_r:system_map_t:s0
>Target Objects                ./System.map-2.6.24-2.fc9 [ file ]
>Source                        rsyslogd
>Source Path                   /sbin/rsyslogd
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           rsyslog-3.12.1-1.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain 2.6.24-2.fc9 #1 SMP
>                              Fri Jan 25 13:14:54 EST 2008 i686 i686
>Alert Count                   1
>First Seen                    Thu 13 Mar 2008 03:51:59 PM MDT
>Last Seen                     Thu 13 Mar 2008 03:51:59 PM MDT
>Local ID                      4ac66866-e2f4-4d2e-ad87-c950bf60b436
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205445119.607:100): avc:  denied  { read } for  pid=10657 comm="rsyslogd" name="System.map-2.6.24-2.fc9" dev=sda1 ino=12 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205445119.607:100): arch=40000003 syscall=5 success=no exit=-13 a0=2f67c0 a1=0 a2=1b6 a3=0 items=0 ppid=10656 pid=10657 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rsyslogd" exe="/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
>
>

Actions: View

Attachments on bug 437478: 298050