Bug 1057488

Summary: SELinux is preventing /usr/bin/vmtoolsd from 'write' accesses on the directory /tmp.
Product: [Fedora] Fedora    Reporter: Sitsofe Wheeler <sitsofe>
Component: selinux-policy    Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA    QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20    CC: dominick.grift, dwalsh, john, joshua, lvrabec, mgrepl, trond.myklebust
Target Milestone: ---    Keywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:3af4c4013a02ce5029b7eab210cfefdabbf5f5ea8bca48168bfebeb7da94a4fe
Fixed In Version: selinux-policy-3.12.1-127.fc20 Doc Type: Bug Fix
Last Closed: 2014-03-12 12:16:11 UTC

Description Sitsofe Wheeler 2014-01-24 08:52:40 UTC
Description of problem:
How did this problem happen?
I installed the latest updates with yum and rebooted. The machine in question is a VM running on VMWare Fusion.

How can it be reproduced?
Unknown. Perhaps by rebooting?
SELinux is preventing /usr/bin/vmtoolsd from 'write' accesses on the directory /tmp.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that vmtoolsd should be allowed write access on the tmp directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep vmtoolsd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:vmtools_t:s0
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /tmp [ dir ]
Source                        vmtoolsd
Source Path                   /usr/bin/vmtoolsd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           open-vm-tools-9.4.0-1.fc20.x86_64
Target RPM Packages           filesystem-3.2-19.fc20.x86_64
Policy RPM                    selinux-policy-3.12.1-119.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.12.8-300.fc20.x86_64 #1 SMP Thu
                              Jan 16 01:07:50 UTC 2014 x86_64 x86_64
Alert Count                   2
First Seen                    2014-01-24 08:49:44 GMT
Last Seen                     2014-01-24 08:49:44 GMT
Local ID                      f037af3a-1aea-4076-ac12-b3356fbac7ee

Raw Audit Messages
type=AVC msg=audit(1390553384.445:126): avc:  denied  { write } for  pid=381 comm="vmtoolsd" name="/" dev="tmpfs" ino=13435 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir


type=SYSCALL msg=audit(1390553384.445:126): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=7f5877c48680 a1=1c0 a2=1c a3=7fff8d389c80 items=0 ppid=1 pid=381 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=vmtoolsd exe=/usr/bin/vmtoolsd subj=system_u:system_r:vmtools_t:s0 key=(null)

Hash: vmtoolsd,vmtools_t,tmp_t,dir,write

Additional info:
reporter:       libreport-2.1.11
hashmarkername: setroubleshoot
kernel:         3.12.8-300.fc20.x86_64
type:           libreport

Comment 1 Sitsofe Wheeler 2014-01-24 09:25:03 UTC
On inspection by using 
grep avc /var/log/audit/audit.log
there are more denials:

type=AVC msg=audit(1390553414.405:879): avc:  denied  { read } for  pid=381 comm="vmtoolsd" name="meminfo" dev="proc" ino=4026532027 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1390554727.449:23): avc:  denied  { sys_time } for  pid=380 comm="vmtoolsd" capability=25  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
type=AVC msg=audit(1390554727.450:24): avc:  denied  { sys_time } for  pid=380 comm="vmtoolsd" capability=25  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
type=AVC msg=audit(1390554727.450:25): avc:  denied  { sys_time } for  pid=380 comm="vmtoolsd" capability=25  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
type=AVC msg=audit(1390554727.454:26): avc:  denied  { read } for  pid=380 comm="vmtoolsd" name="uptime" dev="proc" ino=4026532029 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1390554727.457:27): avc:  denied  { sys_rawio } for  pid=380 comm="vmtoolsd" capability=17  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
type=AVC msg=audit(1390554727.460:29): avc:  denied  { execute } for  pid=424 comm="vmtoolsd" name="bash" dev="sda2" ino=34071102 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
type=AVC msg=audit(1390554727.467:31): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1390554727.467:32): avc:  denied  { read } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1390554727.467:33): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1390554727.467:34): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1390554727.467:35): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1390554727.467:36): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1390554727.467:37): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1390554727.467:38): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

Scraping all my audit logs using
grep "avc:  de" audit.log* | sort | uniq -f 13 -c | grep vmtoolsd
shows the following:
      5 audit.log:type=AVC msg=audit(1390537553.740:27914): avc:  denied  { getattr } for  pid=5619 comm="updatedb" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
      1 audit.log:type=AVC msg=audit(1390553384.398:28): avc:  denied  { execute } for  pid=432 comm="vmtoolsd" name="bash" dev="sda2" ino=34071102 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
    253 audit.log:type=AVC msg=audit(1390553384.444:29): avc:  denied  { write } for  pid=381 comm="vmtoolsd" name="/" dev="tmpfs" ino=13435 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
      3 audit.log:type=AVC msg=audit(1390553384.450:282): avc:  denied  { sys_time } for  pid=381 comm="vmtoolsd" capability=25  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
      1 audit.log:type=AVC msg=audit(1390553384.455:285): avc:  denied  { read } for  pid=381 comm="vmtoolsd" name="uptime" dev="proc" ino=4026532029 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
      1 audit.log:type=AVC msg=audit(1390553384.456:286): avc:  denied  { sys_rawio } for  pid=381 comm="vmtoolsd" capability=17  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
    253 audit.log:type=AVC msg=audit(1390553384.456:287): avc:  denied  { write } for  pid=381 comm="vmtoolsd" name="/" dev="tmpfs" ino=13435 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
      1 audit.log:type=AVC msg=audit(1390553414.399:875): avc:  denied  { read } for  pid=381 comm="vmtoolsd" name="devices" dev="proc" ino=4026532024 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
      1 audit.log:type=AVC msg=audit(1390553414.400:876): avc:  denied  { getattr } for  pid=381 comm="vmtoolsd" path="/dev/sda1" dev="devtmpfs" ino=1593 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
      1 audit.log:type=AVC msg=audit(1390553414.401:877): avc:  denied  { read } for  pid=381 comm="vmtoolsd" name="dev" dev="proc" ino=4026531975 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
      2 audit.log:type=AVC msg=audit(1390553414.404:878): avc:  denied  { read } for  pid=381 comm="vmtoolsd" name="uptime" dev="proc" ino=4026532029 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
      3 audit.log:type=AVC msg=audit(1390554727.449:23): avc:  denied  { sys_time } for  pid=380 comm="vmtoolsd" capability=25  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
      1 audit.log:type=AVC msg=audit(1390554727.454:26): avc:  denied  { read } for  pid=380 comm="vmtoolsd" name="uptime" dev="proc" ino=4026532029 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
      1 audit.log:type=AVC msg=audit(1390554727.457:27): avc:  denied  { sys_rawio } for  pid=380 comm="vmtoolsd" capability=17  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
      1 audit.log:type=AVC msg=audit(1390554727.460:29): avc:  denied  { execute } for  pid=424 comm="vmtoolsd" name="bash" dev="sda2" ino=34071102 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
    253 audit.log:type=AVC msg=audit(1390554727.467:31): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
      1 audit.log:type=AVC msg=audit(1390554757.452:707): avc:  denied  { read } for  pid=380 comm="vmtoolsd" name="devices" dev="proc" ino=4026532024 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
      1 audit.log:type=AVC msg=audit(1390554757.453:708): avc:  denied  { getattr } for  pid=380 comm="vmtoolsd" path="/dev/sda1" dev="devtmpfs" ino=7944 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
      1 audit.log:type=AVC msg=audit(1390554757.454:709): avc:  denied  { read } for  pid=380 comm="vmtoolsd" name="dev" dev="proc" ino=4026531975 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
      2 audit.log:type=AVC msg=audit(1390554757.455:710): avc:  denied  { read } for  pid=380 comm="vmtoolsd" name="uptime" dev="proc" ino=4026532029 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
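As an added example (not code from the bug report or from the selinux-policy project), the following Python script does what the grep/sort/uniq pipeline above does, but parses the AVC and USER_AVC records structurally and renders each distinct (source type, target type, class, permissions) key as the allow rule audit2allow would propose, so each line can be judged on its merits before anything is loaded with semodule. The sample records are constructed in the shape of the denials quoted in this bug.

```python
import re
from collections import Counter

# Constructed sample records in the shape of the denials quoted in this bug
# (one SYSCALL line included to show that non-AVC records are skipped).
SAMPLE_AUDIT = """\
type=AVC msg=audit(1390553384.445:126): avc:  denied  { write } for  pid=381 comm="vmtoolsd" name="/" dev="tmpfs" ino=13435 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1390553384.445:126): arch=x86_64 syscall=mkdir success=no exit=EACCES comm=vmtoolsd exe=/usr/bin/vmtoolsd
type=AVC msg=audit(1390554727.449:23): avc:  denied  { sys_time } for  pid=380 comm="vmtoolsd" capability=25  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
type=AVC msg=audit(1390554727.450:24): avc:  denied  { sys_time } for  pid=380 comm="vmtoolsd" capability=25  scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=capability
type=AVC msg=audit(1390554727.467:31): avc:  denied  { write } for  pid=380 comm="vmtoolsd" name="/" dev="tmpfs" ino=11892 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1390553414.405:879): avc:  denied  { read } for  pid=381 comm="vmtoolsd" name="meminfo" dev="proc" ino=4026532027 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=USER_AVC msg=audit(1391678717.526:381): pid=1 uid=0 auid=4294967295 ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
"""

# The 'avc: denied { perms } for key=value ...' core is the same for kernel AVC
# records and for USER_AVC records (where it sits inside msg='...').
AVC_RE = re.compile(r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TYPE_RE = re.compile(r"^type=(\w+)")


def parse_avc(line):
    """Return a dict describing one denial, or None for non-AVC records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    t = TYPE_RE.match(line)
    return {
        "type": t.group(1) if t else "?",
        "perms": tuple(sorted(m.group("perms").split())),
        "comm": fields.get("comm", "?"),
        "scontext": fields.get("scontext"),
        "tcontext": fields.get("tcontext"),
        "tclass": fields.get("tclass"),
        # Object being touched: a path, a name, or a capability number.
        "target": fields.get("path") or fields.get("name") or fields.get("capability", ""),
    }


def domain_type(context):
    """'system_u:system_r:vmtools_t:s0' -> 'vmtools_t' (the type field)."""
    return context.split(":")[2]


def summarize(lines):
    """Count denials by (source type, target type, class, perms): the key that
    audit2allow collapses into one allow rule, like the sort | uniq -c above."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or not (rec["scontext"] and rec["tcontext"]):
            continue
        counts[(domain_type(rec["scontext"]), domain_type(rec["tcontext"]),
                rec["tclass"], rec["perms"])] += 1
    return counts


def as_allow_rules(counts):
    """Render each key as the TE rule audit2allow would propose, most frequent
    first, so every line can be reviewed before anything is loaded with semodule."""
    rules = []
    for (src, tgt, cls, perms), n in sorted(counts.items(), key=lambda kv: -kv[1]):
        tgt = "self" if tgt == src else tgt
        perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};  # seen {n}x")
    return rules


if __name__ == "__main__":
    for rule in as_allow_rules(summarize(SAMPLE_AUDIT.splitlines())):
        print(rule)
```

Capability and process-class rules (sys_time, sys_rawio, execute of shell_exec_t) deserve closer scrutiny than a tmp_t write, which is why the counted summary is reviewed rather than piped straight into a module.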

Comment 2 Daniel Walsh 2014-01-24 16:37:59 UTC
vmtools should be a permissive domain.

f00de9355ade76a31c440d38cd87e94c76b59bb6 adds these rules to git.

Comment 3 Fedora Update System 2014-01-27 19:16:42 UTC
selinux-policy-3.12.1-121.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-121.fc20

Comment 4 Fedora Update System 2014-01-29 03:06:50 UTC
Package selinux-policy-3.12.1-121.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-121.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-1700/selinux-policy-3.12.1-121.fc20
then log in and leave karma (feedback).

Comment 5 John Brooks 2014-01-29 04:09:51 UTC
One AVC remaining after installing selinux-policy{,-targeted}-3.12.1-121.fc20:

type=AVC msg=audit(1390968317.814:422): avc:  denied  { getattr } for  pid=617 comm="vmtoolsd" name="/" dev="dm-1" ino=2 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem

Comment 6 Fedora Update System 2014-01-30 03:32:52 UTC
Package selinux-policy-3.12.1-122.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-122.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-1700/selinux-policy-3.12.1-122.fc20
then log in and leave karma (feedback).

Comment 7 J Irwin 2014-02-06 06:44:30 UTC
Description of problem:
Running Fedora in a VM, and the VMware Tools attempted to run on launch of the VM.

Additional info:
reporter:       libreport-2.1.11
hashmarkername: setroubleshoot
kernel:         3.12.8-300.fc20.x86_64
type:           libreport

Comment 8 Sitsofe Wheeler 2014-02-06 09:32:19 UTC
Unfortunately selinux-policy-3.12.1-122.fc20.noarch does not solve all the VMware Tools problems. If I make VMware shut down the guest, another round of denials occurs:

type=AVC msg=audit(1391678717.211:376): avc:  denied  { execute } for  pid=1904 comm="vmtoolsd" name="poweroff-vm-default" dev="sda2" ino=821407 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1391678717.211:376): avc:  denied  { execute_no_trans } for  pid=1904 comm="vmtoolsd" path="/etc/vmware-tools/poweroff-vm-default" dev="sda2" ino=821407 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1391678717.347:377): avc:  denied  { getattr } for  pid=1917 comm="which" path="/usr/sbin/ifconfig" dev="sda2" ino=68707287 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=AVC msg=audit(1391678717.463:378): avc:  denied  { execute } for  pid=1923 comm="sh" name="systemctl" dev="sda2" ino=34494703 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
type=AVC msg=audit(1391678717.463:378): avc:  denied  { read open } for  pid=1923 comm="sh" path="/usr/bin/systemctl" dev="sda2" ino=34494703 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
type=AVC msg=audit(1391678717.463:378): avc:  denied  { execute_no_trans } for  pid=1923 comm="sh" path="/usr/bin/systemctl" dev="sda2" ino=34494703 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file
type=AVC msg=audit(1391678717.465:379): avc:  denied  { read } for  pid=1923 comm="shutdown" name="root" dev="proc" ino=7829 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=lnk_file
type=AVC msg=audit(1391678717.465:379): avc:  denied  { read } for  pid=1923 comm="shutdown" scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
type=AVC msg=audit(1391678717.467:380): avc:  denied  { connectto } for  pid=1923 comm="shutdown" path="/run/systemd/private" scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=USER_AVC msg=audit(1391678717.526:381): pid=1 uid=0 auid=4294967295 ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1391678717.529:382): avc:  denied  { read } for  pid=1923 comm="shutdown" name="utmp" dev="tmpfs" ino=15384 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
type=AVC msg=audit(1391678717.529:382): avc:  denied  { open } for  pid=1923 comm="shutdown" path="/run/utmp" dev="tmpfs" ino=15384 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
type=AVC msg=audit(1391678717.530:383): avc:  denied  { lock } for  pid=1923 comm="shutdown" path="/run/utmp" dev="tmpfs" ino=15384 scontext=system_u:system_r:vmtools_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file

Comment 9 Fedora Update System 2014-02-12 14:44:50 UTC
selinux-policy-3.12.1-122.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Sitsofe Wheeler 2014-02-13 16:01:53 UTC
Reopening. I don't even know why this was closed - I mentioned there are still problems in comment #8...

Comment 13 Miroslav Grepl 2014-02-18 12:55:22 UTC
commit 61bc70fc1f6c167e8ea4366ef7c3564b5d429102
Author: Miroslav Grepl <mgrepl>
Date:   Tue Feb 18 13:46:08 2014 +0100

    Add vmtools_helper_t for helper scripts. Allow vmtools to shut down a host and run ifconfig.

Comment 14 Fedora Update System 2014-02-18 22:08:58 UTC
selinux-policy-3.12.1-126.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-126.fc20

Comment 15 Fedora Update System 2014-02-22 00:41:06 UTC
Package selinux-policy-3.12.1-126.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-126.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-2801/selinux-policy-3.12.1-126.fc20
then log in and leave karma (feedback).

Comment 16 Sitsofe Wheeler 2014-02-23 10:09:41 UTC
Nearly there - when using the VMware host's features (Shutdown, Restart, Suspend) there are the following:

grep avc /var/log/audit/audit.log{,.1}
/var/log/audit/audit.log:type=AVC msg=audit(1393149761.497:365): avc:  denied  { transition } for  pid=1376 comm="vmware-user-sui" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=unconfined_u:unconfined_r:vmtools_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:vmtools_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=USER_AVC msg=audit(1393149777.972:379): pid=427 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.54 spid=522 tpid=1674 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:vmtools_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
/var/log/audit/audit.log:type=AVC msg=audit(1393149965.016:364): avc:  denied  { transition } for  pid=1383 comm="vmware-user-sui" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=unconfined_u:unconfined_r:vmtools_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:vmtools_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1392800649.158:351): avc:  denied  { transition } for  pid=1335 comm="vmware-user-sui" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=unconfined_u:unconfined_r:vmtools_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:vmtools_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1392800894.142:396): avc:  denied  { transition } for  pid=2496 comm="vmware-user-sui" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=unconfined_u:unconfined_r:vmtools_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:vmtools_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1392800943.770:364): avc:  denied  { transition } for  pid=1381 comm="vmware-user-sui" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=unconfined_u:unconfined_r:vmtools_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:vmtools_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1392801389.929:366): avc:  denied  { transition } for  pid=1355 comm="vmware-user-sui" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=unconfined_u:unconfined_r:vmtools_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:vmtools_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1393149309.648:366): avc:  denied  { transition } for  pid=1412 comm="vmware-user-sui" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=unconfined_u:unconfined_r:vmtools_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:vmtools_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1393149421.738:410): avc:  denied  { transition } for  pid=2338 comm="vmware-user-sui" path="/usr/bin/vmtoolsd" dev="sda2" ino=34738378 scontext=unconfined_u:unconfined_r:vmtools_helper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:vmtools_t:s0-s0:c0.c1023 tclass=process

I guess someone should also do tests on ESXi as it can request different features (time sync, IP addresses, etc.).

Comment 17 Sitsofe Wheeler 2014-02-23 10:24:38 UTC
A word of warning: don't use VMware's suspend menu option in SELinux enforcing mode until these issues are fixed - it will cause your network connection to become broken.

Comment 18 Miroslav Grepl 2014-02-24 11:22:16 UTC
commit a2f8b4549ef3e89013c5713acae49d5b89959e32
Author: Miroslav Grepl <mgrepl>
Date:   Mon Feb 24 12:22:06 2014 +0100

    Allow vmtools_helper_t to change role to system_r

Comment 19 Fedora Update System 2014-02-26 13:47:58 UTC
Package selinux-policy-3.12.1-127.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-127.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-2801/selinux-policy-3.12.1-127.fc20
then log in and leave karma (feedback).

Comment 20 Fedora Update System 2014-03-12 12:16:11 UTC
selinux-policy-3.12.1-127.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.