Bug 527461

The following was filed automatically by setroubleshoot:

Souhrn:

SELinux is preventing /usr/bin/gnome-keyring-daemon "write" access on
keyring-1ttqBr.

Podrobný popis:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by gnome-keyring-d. It is not expected that this
access is required by gnome-keyring-d and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Povolení přístupu:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Další informace:

Kontext zdroje                unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023
Kontext cíle                 unconfined_u:object_r:tmp_t:s0
Objekty cíle                 keyring-1ttqBr [ dir ]
Zdroj                         gnome-keyring-d
Cesta zdroje                  /usr/bin/gnome-keyring-daemon
Port                          <Neznámé>
Počítač                    (removed)
RPM balíčky zdroje          gnome-keyring-2.28.0-1.fc12
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.6.32-12.fc12
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Permissive
Název zásuvného modulu     catchall
Název počítače            (removed)
Platforma                     Linux (removed) 2.6.31.1-58.fc12.x86_64 #1 SMP Fri
                              Oct 2 16:17:33 EDT 2009 x86_64 x86_64
Počet upozornění           3
Poprvé viděno               Út 6. říjen 2009, 14:12:58 CEST
Naposledy viděno             Út 6. říjen 2009, 14:12:58 CEST
Místní ID                   1d49a9a7-2970-4857-9298-189e5eb82320
Čísla řádků              

Původní zprávy auditu      

node=(removed) type=AVC msg=audit(1254831178.264:304): avc:  denied  { write } for  pid=31073 comm="gnome-keyring-d" name="keyring-1ttqBr" dev=tmpfs ino=483367 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1254831178.264:304): avc:  denied  { add_name } for  pid=31073 comm="gnome-keyring-d" name="socket" scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1254831178.264:304): avc:  denied  { create } for  pid=31073 comm="gnome-keyring-d" name="socket" scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file

node=(removed) type=SYSCALL msg=audit(1254831178.264:304): arch=c000003e syscall=49 success=yes exit=0 a0=5 a1=7fff7f17d520 a2=6e a3=10 items=0 ppid=31049 pid=31073 auid=501 uid=501 gid=502 euid=501 suid=501 fsuid=501 egid=502 sgid=502 fsgid=502 tty=pts1 ses=11 comm="gnome-keyring-d" exe="/usr/bin/gnome-keyring-daemon" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-12.fc12,catchall,gnome-keyring-d,passwd_t,tmp_t,dir,write
audit2allow suggests:

#============= passwd_t ==============
allow passwd_t tmp_t:dir { write add_name };
allow passwd_t tmp_t:sock_file create;