Bug 538428 (f11policy)

Summary: SELinux is preventing cat (logrotate_t) "read" var_run_t.
Product: [Fedora] Fedora Reporter: Spencer Tom Tafadzwa Chirume <schirume>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: achernya, amrossi, andrig.t.miller, an.euroford, antonio_pandolfo, bbarbour, bbigby64, bill-bugzilla.redhat.com, billlinux, bram_gro, brinkj, c.gonzalo.luengo, chris.r137, cje, curoli, dan, dexapier, dicconspain, dignan.patrick, don.novak, dublinuxs, dwalsh, ebihallo, Edofin, edosurina, eduardo.marcelo.palacios, f_a_f12001, forthommel, gaetan, gbrathwaite7thd, germano.massullo, gianpietro.carretta, gopsykg, gwync, habertom, henkj.snel, hihii352, hristo.atanassov, hvdkooij, info, ja3021, jackal_road2000, jaysmobilemail, jeffgbaker, jeremyhu, jhauva, jitesh.1337, josephomorrow, jugon9002, kerrgi, kruvalig, kvolny, liana, louis, mail.dsp, maxime.tierre, m.e, mgrepl, mharvey, naoki, ol.morgan, paoloniccolo.giubelli, phypsi+bugzilla, pierreblavy, pk, plarsen, popmar, QFanatic, qtl.aas, raj.ix86, rana.iftikhar.ahmad, rek, rlandman, rmiller38512, rsandu2004, run, sham435, simon.lewis, slishan, steve, tobias.muhlhofer, tobzet, tomislav.ivancic, tomshoey, vandijck.ger, vanho, vanilkovy.puding, vdanielmo, veli-matti.sorvala, vinyciusunderground2, vlapan, webmaster, wlee, yannchef
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:94414bd6d9ab401fd99e2ddce1c340e733145d2c07d153503cf964a6c69c0243
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-11-18 15:23:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Spencer Tom Tafadzwa Chirume 2009-11-18 15:01:56 UTC 
Summary:

SELinux is preventing cat (logrotate_t) "read" var_run_t.

Detailed Description:

SELinux denied access requested by cat. It is not expected that this access is
required by cat and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:logrotate_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_run_t:s0
Target Objects                /var/run/syslogd.pid [ lnk_file ]
Source                        cat
Source Path                   /bin/cat
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           coreutils-7.2-4.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-86.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.29.4-167.fc11.i686.PAE #1 SMP
                              Wed May 27 17:28:22 EDT 2009 i686 i686
Alert Count                   2
First Seen                    Sun 08 Nov 2009 05:15:54 GMT
Last Seen                     Sun 15 Nov 2009 03:30:36 GMT
Local ID                      96c98e5b-8fc7-420b-8e41-9bacdaa6ee43
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1258255836.104:29698): avc:  denied  { read } for  pid=8786 comm="cat" name="syslogd.pid" dev=dm-0 ino=133 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=lnk_file

node=(removed) type=SYSCALL msg=audit(1258255836.104:29698): arch=40000003 syscall=5 success=no exit=-13 a0=bfa2bf46 a1=8000 a2=0 a3=bfa29e5c items=0 ppid=8785 pid=8786 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=18 comm="cat" exe="/bin/cat" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.12-86.fc11,catchall,cat,logrotate_t,var_run_t,lnk_file,read
audit2allow suggests:

#============= logrotate_t ==============
allow logrotate_t var_run_t:lnk_file read;
Comment 1 Daniel Walsh 2009-11-18 15:23:07 UTC 
DONT report F11 policy bugs on an F12 machine.  Complete the update before you start reporting bugs, PLEASE...
Comment 2 Spencer Tom Tafadzwa Chirume 2009-11-18 15:31:26 UTC 
Update facing issues, sorry for the errant bug posts.
Comment 3 Daniel Walsh 2009-11-18 18:08:40 UTC 
*** Bug 538473 has been marked as a duplicate of this bug. ***
Comment 4 Daniel Walsh 2009-11-18 18:17:32 UTC 
*** Bug 538509 has been marked as a duplicate of this bug. ***
Comment 5 Daniel Walsh 2009-11-18 18:17:51 UTC 
*** Bug 538511 has been marked as a duplicate of this bug. ***
Comment 6 Daniel Walsh 2009-11-18 18:18:14 UTC 
*** Bug 538512 has been marked as a duplicate of this bug. ***
Comment 7 Daniel Walsh 2009-11-18 18:18:33 UTC 
*** Bug 538513 has been marked as a duplicate of this bug. ***
Comment 8 Daniel Walsh 2009-11-18 19:59:43 UTC 
*** Bug 538528 has been marked as a duplicate of this bug. ***
Comment 9 Daniel Walsh 2009-11-18 21:36:13 UTC 
*** Bug 538589 has been marked as a duplicate of this bug. ***
Comment 10 Daniel Walsh 2009-11-18 21:42:45 UTC 
*** Bug 538592 has been marked as a duplicate of this bug. ***
Comment 11 Daniel Walsh 2009-11-18 21:43:11 UTC 
*** Bug 538594 has been marked as a duplicate of this bug. ***
Comment 12 Daniel Walsh 2009-11-18 21:43:36 UTC 
*** Bug 538596 has been marked as a duplicate of this bug. ***
Comment 13 Daniel Walsh 2009-11-18 21:43:46 UTC 
*** Bug 538595 has been marked as a duplicate of this bug. ***
Comment 14 Daniel Walsh 2009-11-19 18:43:05 UTC 
*** Bug 539259 has been marked as a duplicate of this bug. ***
Comment 15 Daniel Walsh 2009-11-19 19:26:30 UTC 
*** Bug 539280 has been marked as a duplicate of this bug. ***
Comment 16 Daniel Walsh 2009-11-19 21:49:31 UTC 
*** Bug 539321 has been marked as a duplicate of this bug. ***
Comment 17 Miroslav Grepl 2009-11-20 09:08:21 UTC 
*** Bug 539449 has been marked as a duplicate of this bug. ***
Comment 18 Miroslav Grepl 2009-11-20 12:01:42 UTC 
*** Bug 539489 has been marked as a duplicate of this bug. ***
Comment 19 Christoph Wickert 2009-11-20 12:24:59 UTC 
(In reply to comment #1)
> DONT report F11 policy bugs on an F12 machine.  Complete the update before you
> start reporting bugs, PLEASE...  

Sorry for the errant bug reports, but please don't tell people to finish the update if you broke the upgrade path.
Comment 20 Daniel Walsh 2009-11-20 13:05:04 UTC 
*** Bug 539447 has been marked as a duplicate of this bug. ***
Comment 21 Daniel Walsh 2009-11-20 13:08:18 UTC 
Christoph what is broken in the upgrade path?
Comment 22 James Heather 2009-11-20 13:15:44 UTC 
The reason I (and, I'd imagine, many others) accidentally reported an F11 bug on an F12 machine is that the alert and the option to submit bug reports were new. I hadn't noticed until after I'd submitted that it was listing a whole load of selinux issues that had been present for ages.

It would be useful if the alert applet offered to delete all old alerts when it detected a release upgrade.
Comment 23 Daniel Walsh 2009-11-20 13:29:08 UTC 
We have not figured out what the best way to handle "old" avc's is.  But on upgrade we probably should have cleared the database.  

What should we do with an AVC that has been reported?  Should it be deleted?  Should it be marked as ignore?  Right now we are turning on the report bug when it is a configurtion or labeling issue, so we are getting bug reports for non bugs.
Comment 24 Daniel Walsh 2009-11-20 13:34:14 UTC 
*** Bug 539507 has been marked as a duplicate of this bug. ***
Comment 25 Christoph Wickert 2009-11-20 13:58:36 UTC 
(In reply to comment #21)
> Christoph what is broken in the upgrade path?  

Sorry, I don't really know, but I upgraded with preupgrade and still had an F11 version (unfortunately I cannot look up which one it was, because rpm -qa --last doesn't show). I had to update to 3.6.32-46.fc12 from updates-testing. As this version was pushed to stable yesterday, the errant reports should hopefully disappear.

I think what we see here is also a bug in sealert: The icon indicates there was an alert, but when you click the icon, sealert shows the first alarm in the list (which may be an old one) but not the actual issue.
Comment 26 Daniel Walsh 2009-11-23 13:13:28 UTC 
*** Bug 539728 has been marked as a duplicate of this bug. ***
Comment 27 Daniel Walsh 2009-11-23 13:35:31 UTC 
*** Bug 539788 has been marked as a duplicate of this bug. ***
Comment 28 Daniel Walsh 2009-11-23 13:36:09 UTC 
*** Bug 539790 has been marked as a duplicate of this bug. ***
Comment 29 Daniel Walsh 2009-11-23 13:36:31 UTC 
*** Bug 539792 has been marked as a duplicate of this bug. ***
Comment 30 Daniel Walsh 2009-11-23 14:03:18 UTC 
*** Bug 539866 has been marked as a duplicate of this bug. ***
Comment 31 Daniel Walsh 2009-11-23 15:20:25 UTC 
*** Bug 539996 has been marked as a duplicate of this bug. ***
Comment 32 Daniel Walsh 2009-11-23 15:44:27 UTC 
*** Bug 540170 has been marked as a duplicate of this bug. ***
Comment 33 Daniel Walsh 2009-11-23 15:45:58 UTC 
*** Bug 540196 has been marked as a duplicate of this bug. ***
Comment 34 Daniel Walsh 2009-11-23 15:57:44 UTC 
*** Bug 540211 has been marked as a duplicate of this bug. ***
Comment 35 Daniel Walsh 2009-11-23 18:43:51 UTC 
*** Bug 540558 has been marked as a duplicate of this bug. ***
Comment 36 Daniel Walsh 2009-11-24 14:49:55 UTC 
*** Bug 540914 has been marked as a duplicate of this bug. ***
Comment 37 Daniel Walsh 2009-11-24 14:50:19 UTC 
*** Bug 540915 has been marked as a duplicate of this bug. ***
Comment 38 Daniel Walsh 2009-11-24 14:50:35 UTC 
*** Bug 540916 has been marked as a duplicate of this bug. ***
Comment 39 Daniel Walsh 2009-11-24 14:50:50 UTC 
*** Bug 540917 has been marked as a duplicate of this bug. ***
Comment 40 Daniel Walsh 2009-11-24 14:58:21 UTC 
*** Bug 540930 has been marked as a duplicate of this bug. ***
Comment 41 Daniel Walsh 2009-11-24 14:59:00 UTC 
*** Bug 540933 has been marked as a duplicate of this bug. ***
Comment 42 Daniel Walsh 2009-11-24 14:59:16 UTC 
*** Bug 540931 has been marked as a duplicate of this bug. ***
Comment 43 Daniel Walsh 2009-11-24 14:59:21 UTC 
*** Bug 540932 has been marked as a duplicate of this bug. ***
Comment 44 Daniel Walsh 2009-11-24 14:59:55 UTC 
*** Bug 540934 has been marked as a duplicate of this bug. ***
Comment 45 Daniel Walsh 2009-11-24 15:02:16 UTC 
*** Bug 540938 has been marked as a duplicate of this bug. ***
Comment 46 Daniel Walsh 2009-11-24 15:02:25 UTC 
*** Bug 540937 has been marked as a duplicate of this bug. ***
Comment 47 Daniel Walsh 2009-11-24 15:02:34 UTC 
*** Bug 540936 has been marked as a duplicate of this bug. ***
Comment 48 Daniel Walsh 2009-11-24 15:02:45 UTC 
*** Bug 540935 has been marked as a duplicate of this bug. ***
Comment 49 Daniel Walsh 2009-11-24 20:08:26 UTC 
*** Bug 541042 has been marked as a duplicate of this bug. ***
Comment 50 Miroslav Grepl 2009-11-25 09:38:48 UTC 
*** Bug 541146 has been marked as a duplicate of this bug. ***
Comment 51 Daniel Walsh 2009-11-25 19:04:11 UTC 
*** Bug 541379 has been marked as a duplicate of this bug. ***
Comment 52 Daniel Walsh 2009-11-29 20:00:05 UTC 
*** Bug 542333 has been marked as a duplicate of this bug. ***
Comment 53 Daniel Walsh 2009-11-29 20:01:12 UTC 
*** Bug 542298 has been marked as a duplicate of this bug. ***
Comment 54 Miroslav Grepl 2009-11-30 11:26:55 UTC 
*** Bug 542283 has been marked as a duplicate of this bug. ***
Comment 55 Miroslav Grepl 2009-11-30 11:27:46 UTC 
*** Bug 542154 has been marked as a duplicate of this bug. ***
Comment 56 Miroslav Grepl 2009-11-30 11:28:30 UTC 
*** Bug 542153 has been marked as a duplicate of this bug. ***
Comment 57 Miroslav Grepl 2009-11-30 11:29:21 UTC 
*** Bug 542151 has been marked as a duplicate of this bug. ***
Comment 58 Miroslav Grepl 2009-11-30 11:30:06 UTC 
*** Bug 542162 has been marked as a duplicate of this bug. ***
Comment 59 Miroslav Grepl 2009-11-30 11:30:51 UTC 
*** Bug 542235 has been marked as a duplicate of this bug. ***
Comment 60 Miroslav Grepl 2009-11-30 11:31:43 UTC 
*** Bug 542002 has been marked as a duplicate of this bug. ***
Comment 61 Miroslav Grepl 2009-11-30 11:32:32 UTC 
*** Bug 542119 has been marked as a duplicate of this bug. ***
Comment 62 Miroslav Grepl 2009-11-30 11:34:27 UTC 
*** Bug 542118 has been marked as a duplicate of this bug. ***
Comment 63 Miroslav Grepl 2009-11-30 11:40:15 UTC 
*** Bug 542237 has been marked as a duplicate of this bug. ***
Comment 64 Miroslav Grepl 2009-11-30 11:40:59 UTC 
*** Bug 542243 has been marked as a duplicate of this bug. ***
Comment 65 Miroslav Grepl 2009-11-30 11:51:21 UTC 
*** Bug 542618 has been marked as a duplicate of this bug. ***
Comment 66 Daniel Walsh 2009-11-30 21:03:34 UTC 
*** Bug 542169 has been marked as a duplicate of this bug. ***
Comment 67 Miroslav Grepl 2009-12-01 11:20:38 UTC 
*** Bug 542955 has been marked as a duplicate of this bug. ***
Comment 68 Miroslav Grepl 2009-12-01 11:23:12 UTC 
*** Bug 542946 has been marked as a duplicate of this bug. ***
Comment 69 Miroslav Grepl 2009-12-01 11:23:49 UTC 
*** Bug 542950 has been marked as a duplicate of this bug. ***
Comment 70 Miroslav Grepl 2009-12-01 11:25:20 UTC 
*** Bug 542948 has been marked as a duplicate of this bug. ***
Comment 71 Miroslav Grepl 2009-12-01 11:25:47 UTC 
*** Bug 542947 has been marked as a duplicate of this bug. ***
Comment 72 Miroslav Grepl 2009-12-01 11:26:19 UTC 
*** Bug 542942 has been marked as a duplicate of this bug. ***
Comment 73 Miroslav Grepl 2009-12-01 11:26:45 UTC 
*** Bug 542941 has been marked as a duplicate of this bug. ***
Comment 74 Miroslav Grepl 2009-12-01 11:27:36 UTC 
*** Bug 542959 has been marked as a duplicate of this bug. ***
Comment 75 Miroslav Grepl 2009-12-01 11:28:35 UTC 
*** Bug 542957 has been marked as a duplicate of this bug. ***
Comment 76 Miroslav Grepl 2009-12-01 11:29:35 UTC 
*** Bug 542943 has been marked as a duplicate of this bug. ***
Comment 77 Daniel Walsh 2009-12-01 14:51:16 UTC 
*** Bug 543030 has been marked as a duplicate of this bug. ***
Comment 78 Daniel Walsh 2009-12-01 15:38:44 UTC 
*** Bug 541993 has been marked as a duplicate of this bug. ***
Comment 79 Miroslav Grepl 2009-12-02 11:00:35 UTC 
*** Bug 543310 has been marked as a duplicate of this bug. ***
Comment 80 Miroslav Grepl 2009-12-02 11:03:46 UTC 
*** Bug 543350 has been marked as a duplicate of this bug. ***
Comment 81 Miroslav Grepl 2009-12-02 11:04:33 UTC 
*** Bug 543309 has been marked as a duplicate of this bug. ***
Comment 82 Miroslav Grepl 2009-12-02 11:11:25 UTC 
*** Bug 543412 has been marked as a duplicate of this bug. ***
Comment 83 Miroslav Grepl 2009-12-02 11:11:53 UTC 
*** Bug 543414 has been marked as a duplicate of this bug. ***
Comment 84 Miroslav Grepl 2009-12-02 11:12:48 UTC 
*** Bug 543421 has been marked as a duplicate of this bug. ***
Comment 85 Miroslav Grepl 2009-12-02 11:13:14 UTC 
*** Bug 543420 has been marked as a duplicate of this bug. ***
Comment 86 Miroslav Grepl 2009-12-02 11:14:16 UTC 
*** Bug 543419 has been marked as a duplicate of this bug. ***
Comment 87 Miroslav Grepl 2009-12-02 11:15:24 UTC 
*** Bug 543422 has been marked as a duplicate of this bug. ***
Comment 88 Miroslav Grepl 2009-12-02 11:16:08 UTC 
*** Bug 543423 has been marked as a duplicate of this bug. ***
Comment 89 Miroslav Grepl 2009-12-02 11:16:37 UTC 
*** Bug 543418 has been marked as a duplicate of this bug. ***
Comment 90 Miroslav Grepl 2009-12-02 11:17:04 UTC 
*** Bug 543417 has been marked as a duplicate of this bug. ***
Comment 91 Miroslav Grepl 2009-12-02 11:17:40 UTC 
*** Bug 543416 has been marked as a duplicate of this bug. ***
Comment 92 Miroslav Grepl 2009-12-02 11:18:09 UTC 
*** Bug 543415 has been marked as a duplicate of this bug. ***
Comment 93 Daniel Walsh 2009-12-02 18:39:02 UTC 
*** Bug 543556 has been marked as a duplicate of this bug. ***
Comment 94 Daniel Walsh 2009-12-02 21:12:30 UTC 
*** Bug 543672 has been marked as a duplicate of this bug. ***
Comment 95 Daniel Walsh 2009-12-02 21:12:55 UTC 
*** Bug 543673 has been marked as a duplicate of this bug. ***
Comment 96 Miroslav Grepl 2009-12-03 10:22:03 UTC 
*** Bug 543818 has been marked as a duplicate of this bug. ***
Comment 97 Miroslav Grepl 2009-12-03 10:26:28 UTC 
*** Bug 543855 has been marked as a duplicate of this bug. ***
Comment 98 Miroslav Grepl 2009-12-03 13:26:56 UTC 
*** Bug 543874 has been marked as a duplicate of this bug. ***
Comment 99 Miroslav Grepl 2009-12-04 11:09:47 UTC 
*** Bug 544187 has been marked as a duplicate of this bug. ***
Comment 100 Miroslav Grepl 2009-12-04 11:10:29 UTC 
*** Bug 544165 has been marked as a duplicate of this bug. ***
Comment 101 Miroslav Grepl 2009-12-04 11:16:05 UTC 
*** Bug 544166 has been marked as a duplicate of this bug. ***
Comment 102 Miroslav Grepl 2009-12-04 11:22:56 UTC 
*** Bug 544164 has been marked as a duplicate of this bug. ***
Comment 103 Miroslav Grepl 2009-12-04 11:23:38 UTC 
*** Bug 544163 has been marked as a duplicate of this bug. ***
Comment 104 Miroslav Grepl 2009-12-04 11:24:09 UTC 
*** Bug 544162 has been marked as a duplicate of this bug. ***
Comment 105 Miroslav Grepl 2009-12-04 11:24:49 UTC 
*** Bug 544156 has been marked as a duplicate of this bug. ***
Comment 106 Miroslav Grepl 2009-12-04 11:25:43 UTC 
*** Bug 544155 has been marked as a duplicate of this bug. ***
Comment 107 Miroslav Grepl 2009-12-04 11:26:14 UTC 
*** Bug 544153 has been marked as a duplicate of this bug. ***
Comment 108 Miroslav Grepl 2009-12-04 11:27:24 UTC 
*** Bug 544151 has been marked as a duplicate of this bug. ***
Comment 109 Miroslav Grepl 2009-12-04 13:05:04 UTC 
*** Bug 544263 has been marked as a duplicate of this bug. ***
Comment 110 Daniel Walsh 2009-12-05 12:15:48 UTC 
*** Bug 544460 has been marked as a duplicate of this bug. ***
Comment 111 Daniel Walsh 2009-12-05 12:16:20 UTC 
*** Bug 544461 has been marked as a duplicate of this bug. ***
Comment 112 Daniel Walsh 2009-12-05 23:13:41 UTC 
*** Bug 544602 has been marked as a duplicate of this bug. ***
Comment 113 Daniel Walsh 2009-12-05 23:32:34 UTC 
*** Bug 544545 has been marked as a duplicate of this bug. ***
Comment 114 Daniel Walsh 2009-12-06 15:07:01 UTC 
*** Bug 544755 has been marked as a duplicate of this bug. ***
Comment 115 Miroslav Grepl 2009-12-07 09:42:46 UTC 
*** Bug 544920 has been marked as a duplicate of this bug. ***
Comment 116 Miroslav Grepl 2009-12-07 09:44:16 UTC 
*** Bug 544857 has been marked as a duplicate of this bug. ***
Comment 117 Miroslav Grepl 2009-12-07 09:45:00 UTC 
*** Bug 544855 has been marked as a duplicate of this bug. ***
Comment 118 Miroslav Grepl 2009-12-07 09:47:11 UTC 
*** Bug 544919 has been marked as a duplicate of this bug. ***
Comment 119 Daniel Walsh 2009-12-07 20:29:28 UTC 
*** Bug 545081 has been marked as a duplicate of this bug. ***
Comment 120 Daniel Walsh 2009-12-07 21:04:53 UTC 
*** Bug 544909 has been marked as a duplicate of this bug. ***
Comment 121 Daniel Walsh 2009-12-07 22:53:45 UTC 
*** Bug 545212 has been marked as a duplicate of this bug. ***
Comment 122 Miroslav Grepl 2009-12-08 09:50:52 UTC 
*** Bug 545320 has been marked as a duplicate of this bug. ***
Comment 123 Miroslav Grepl 2009-12-08 09:51:30 UTC 
*** Bug 545319 has been marked as a duplicate of this bug. ***
Comment 124 Miroslav Grepl 2009-12-09 10:42:35 UTC 
*** Bug 545426 has been marked as a duplicate of this bug. ***
Comment 125 Daniel Walsh 2009-12-09 14:49:57 UTC 
*** Bug 545729 has been marked as a duplicate of this bug. ***
Comment 126 Daniel Walsh 2009-12-09 14:52:15 UTC 
*** Bug 545772 has been marked as a duplicate of this bug. ***
Comment 127 Spencer Tom Tafadzwa Chirume 2009-12-09 20:12:54 UTC 
(In reply to comment #23)
> We have not figured out what the best way to handle "old" avc's is.  But on
> upgrade we probably should have cleared the database.  
> 
> What should we do with an AVC that has been reported?  Should it be deleted? 
> Should it be marked as ignore?  Right now we are turning on the report bug when
> it is a configurtion or labeling issue, so we are getting bug reports for non
> bugs.  

Will that mean errant bug alerts won't show up after a future Fedora upgrade, it's a practical bug when you have plenty of users reporting a "non bug" is it not?
Comment 128 Daniel Walsh 2009-12-09 20:23:30 UTC 
The tool looks at all AVC's that happened during the upgrade and then users report bugs with F11 policy on an F12 machine.  As far as I am concerned the bugs do not exist on the F12 machine, so they are NOTABUG.  I could rewrite the program to not see the bugs, but this could be error prone and take some time.
Comment 129 Daniel Walsh 2009-12-09 21:54:34 UTC 
*** Bug 546048 has been marked as a duplicate of this bug. ***
Comment 130 Daniel Walsh 2009-12-09 21:55:04 UTC 
*** Bug 546051 has been marked as a duplicate of this bug. ***
Comment 131 Daniel Walsh 2009-12-09 21:55:22 UTC 
*** Bug 546052 has been marked as a duplicate of this bug. ***
Comment 132 Daniel Walsh 2009-12-10 16:29:04 UTC 
*** Bug 546287 has been marked as a duplicate of this bug. ***
Comment 133 Miroslav Grepl 2009-12-14 10:46:40 UTC 
*** Bug 546969 has been marked as a duplicate of this bug. ***
Comment 134 Miroslav Grepl 2009-12-14 10:48:13 UTC 
*** Bug 547196 has been marked as a duplicate of this bug. ***
Comment 135 Miroslav Grepl 2009-12-14 10:52:00 UTC 
*** Bug 547050 has been marked as a duplicate of this bug. ***
Comment 136 Miroslav Grepl 2009-12-14 10:56:57 UTC 
*** Bug 546971 has been marked as a duplicate of this bug. ***
Comment 137 Miroslav Grepl 2009-12-14 10:57:52 UTC 
*** Bug 546970 has been marked as a duplicate of this bug. ***
Comment 138 Miroslav Grepl 2009-12-14 10:58:34 UTC 
*** Bug 546968 has been marked as a duplicate of this bug. ***
Comment 139 Miroslav Grepl 2009-12-14 10:59:42 UTC 
*** Bug 546964 has been marked as a duplicate of this bug. ***
Comment 140 Daniel Walsh 2009-12-15 14:25:50 UTC 
*** Bug 547687 has been marked as a duplicate of this bug. ***
Comment 141 Miroslav Grepl 2009-12-16 12:27:39 UTC 
*** Bug 547927 has been marked as a duplicate of this bug. ***
Comment 142 Miroslav Grepl 2009-12-16 12:28:37 UTC 
*** Bug 547925 has been marked as a duplicate of this bug. ***
Comment 143 Miroslav Grepl 2009-12-16 12:29:45 UTC 
*** Bug 547926 has been marked as a duplicate of this bug. ***
Comment 144 Daniel Walsh 2009-12-16 13:54:32 UTC 
*** Bug 547929 has been marked as a duplicate of this bug. ***
Comment 145 Miroslav Grepl 2009-12-18 11:45:57 UTC 
*** Bug 548660 has been marked as a duplicate of this bug. ***
Comment 146 Daniel Walsh 2009-12-22 13:50:19 UTC 
*** Bug 549674 has been marked as a duplicate of this bug. ***
Comment 147 Daniel Walsh 2009-12-22 13:53:46 UTC 
*** Bug 549680 has been marked as a duplicate of this bug. ***
Comment 148 Daniel Walsh 2009-12-22 13:54:01 UTC 
*** Bug 549681 has been marked as a duplicate of this bug. ***
Comment 149 Daniel Walsh 2009-12-23 14:18:36 UTC 
*** Bug 543945 has been marked as a duplicate of this bug. ***
Comment 150 Daniel Walsh 2009-12-23 14:25:53 UTC 
*** Bug 531817 has been marked as a duplicate of this bug. ***
Comment 151 Daniel Walsh 2009-12-23 16:39:16 UTC 
*** Bug 532848 has been marked as a duplicate of this bug. ***
Comment 152 Daniel Walsh 2009-12-23 17:08:41 UTC 
*** Bug 540555 has been marked as a duplicate of this bug. ***
Comment 153 Daniel Walsh 2009-12-27 12:26:00 UTC 
*** Bug 550750 has been marked as a duplicate of this bug. ***
Comment 154 Daniel Walsh 2009-12-27 12:26:20 UTC 
*** Bug 550751 has been marked as a duplicate of this bug. ***
Comment 155 Daniel Walsh 2009-12-27 12:27:42 UTC 
*** Bug 550749 has been marked as a duplicate of this bug. ***
Comment 156 Daniel Walsh 2009-12-27 12:27:56 UTC 
*** Bug 550748 has been marked as a duplicate of this bug. ***
Comment 157 Daniel Walsh 2009-12-27 12:28:09 UTC 
*** Bug 550747 has been marked as a duplicate of this bug. ***
Comment 158 Daniel Walsh 2009-12-27 12:28:26 UTC 
*** Bug 550746 has been marked as a duplicate of this bug. ***
Comment 159 Daniel Walsh 2009-12-27 12:28:46 UTC 
*** Bug 550745 has been marked as a duplicate of this bug. ***
Comment 160 Daniel Walsh 2009-12-27 13:16:25 UTC 
*** Bug 550425 has been marked as a duplicate of this bug. ***
Comment 161 Miroslav Grepl 2009-12-29 16:21:33 UTC 
*** Bug 551120 has been marked as a duplicate of this bug. ***
Comment 162 Miroslav Grepl 2010-01-04 11:20:19 UTC 
*** Bug 552174 has been marked as a duplicate of this bug. ***
Comment 163 Miroslav Grepl 2010-01-07 11:26:44 UTC 
*** Bug 553136 has been marked as a duplicate of this bug. ***
Comment 164 Daniel Walsh 2010-01-07 18:41:42 UTC 
*** Bug 553363 has been marked as a duplicate of this bug. ***
Comment 165 Miroslav Grepl 2010-01-26 13:55:05 UTC 
*** Bug 558745 has been marked as a duplicate of this bug. ***
Comment 166 Daniel Walsh 2010-01-27 15:42:07 UTC 
*** Bug 558987 has been marked as a duplicate of this bug. ***
Comment 167 Daniel Walsh 2010-01-28 13:52:23 UTC 
*** Bug 559434 has been marked as a duplicate of this bug. ***
Comment 168 Daniel Walsh 2010-01-29 22:04:20 UTC 
*** Bug 560010 has been marked as a duplicate of this bug. ***
Comment 169 Miroslav Grepl 2010-02-01 09:28:41 UTC 
*** Bug 560113 has been marked as a duplicate of this bug. ***
Comment 170 Miroslav Grepl 2010-02-01 10:14:34 UTC 
*** Bug 560154 has been marked as a duplicate of this bug. ***
Comment 171 Miroslav Grepl 2010-02-01 10:29:36 UTC 
*** Bug 560201 has been marked as a duplicate of this bug. ***
Comment 172 Miroslav Grepl 2010-02-01 10:37:34 UTC 
*** Bug 560216 has been marked as a duplicate of this bug. ***
Comment 173 Miroslav Grepl 2010-02-01 11:02:44 UTC 
*** Bug 560254 has been marked as a duplicate of this bug. ***
Comment 174 Miroslav Grepl 2010-02-01 12:10:05 UTC 
*** Bug 560450 has been marked as a duplicate of this bug. ***
Comment 175 Miroslav Grepl 2010-02-01 13:26:03 UTC 
*** Bug 560347 has been marked as a duplicate of this bug. ***
Comment 176 Miroslav Grepl 2010-02-01 15:43:25 UTC 
*** Bug 560620 has been marked as a duplicate of this bug. ***
Comment 177 Daniel Walsh 2010-02-01 18:26:23 UTC 
*** Bug 560298 has been marked as a duplicate of this bug. ***
Comment 178 Miroslav Grepl 2010-02-01 19:52:57 UTC 
*** Bug 560764 has been marked as a duplicate of this bug. ***
Comment 179 Miroslav Grepl 2010-02-01 19:55:49 UTC 
*** Bug 560762 has been marked as a duplicate of this bug. ***
Comment 180 Miroslav Grepl 2010-02-02 12:11:38 UTC 
*** Bug 560937 has been marked as a duplicate of this bug. ***
Comment 181 Miroslav Grepl 2010-02-02 12:14:20 UTC 
*** Bug 560939 has been marked as a duplicate of this bug. ***
Comment 182 Daniel Walsh 2010-02-02 14:01:54 UTC 
*** Bug 560983 has been marked as a duplicate of this bug. ***
Comment 183 Miroslav Grepl 2010-02-03 11:24:29 UTC 
*** Bug 561208 has been marked as a duplicate of this bug. ***
Comment 184 Daniel Walsh 2010-02-03 13:21:25 UTC 
*** Bug 561215 has been marked as a duplicate of this bug. ***
Comment 185 Daniel Walsh 2010-02-05 16:07:22 UTC 
*** Bug 562201 has been marked as a duplicate of this bug. ***
Comment 186 Daniel Walsh 2010-02-05 16:08:18 UTC 
*** Bug 562202 has been marked as a duplicate of this bug. ***
Comment 187 Daniel Walsh 2010-02-05 16:09:00 UTC 
*** Bug 562203 has been marked as a duplicate of this bug. ***
Comment 188 Daniel Walsh 2010-02-05 16:09:27 UTC 
*** Bug 562204 has been marked as a duplicate of this bug. ***
Comment 189 Daniel Walsh 2010-02-05 16:10:18 UTC 
*** Bug 562206 has been marked as a duplicate of this bug. ***
Comment 190 Daniel Walsh 2010-02-05 16:10:41 UTC 
*** Bug 562208 has been marked as a duplicate of this bug. ***
Comment 191 Daniel Walsh 2010-02-05 16:11:06 UTC 
*** Bug 562210 has been marked as a duplicate of this bug. ***
Comment 192 Daniel Walsh 2010-02-05 16:11:26 UTC 
*** Bug 562211 has been marked as a duplicate of this bug. ***
Comment 193 Miroslav Grepl 2010-02-08 11:26:42 UTC 
*** Bug 562345 has been marked as a duplicate of this bug. ***
Comment 194 Daniel Walsh 2010-02-09 13:17:26 UTC 
*** Bug 563027 has been marked as a duplicate of this bug. ***
Comment 195 Daniel Walsh 2010-02-12 14:50:18 UTC 
*** Bug 564327 has been marked as a duplicate of this bug. ***
Comment 196 Daniel Walsh 2010-02-12 14:50:44 UTC 
*** Bug 564328 has been marked as a duplicate of this bug. ***
Comment 197 Daniel Walsh 2010-02-14 14:56:27 UTC 
*** Bug 564897 has been marked as a duplicate of this bug. ***
Comment 198 Miroslav Grepl 2010-02-15 09:48:34 UTC 
*** Bug 565369 has been marked as a duplicate of this bug. ***
Comment 199 Miroslav Grepl 2010-02-15 10:03:43 UTC 
*** Bug 565344 has been marked as a duplicate of this bug. ***
Comment 200 Miroslav Grepl 2010-02-16 11:55:22 UTC 
*** Bug 565729 has been marked as a duplicate of this bug. ***
Comment 201 Miroslav Grepl 2010-02-16 12:49:57 UTC 
*** Bug 565741 has been marked as a duplicate of this bug. ***
Comment 202 Miroslav Grepl 2010-02-17 11:30:54 UTC 
*** Bug 566080 has been marked as a duplicate of this bug. ***
Comment 203 Miroslav Grepl 2010-02-17 11:34:10 UTC 
*** Bug 566075 has been marked as a duplicate of this bug. ***
Comment 204 Miroslav Grepl 2010-02-17 11:35:00 UTC 
*** Bug 566067 has been marked as a duplicate of this bug. ***
Comment 205 Daniel Walsh 2010-02-17 13:58:35 UTC 
*** Bug 566072 has been marked as a duplicate of this bug. ***
Comment 206 Daniel Walsh 2010-02-17 13:59:22 UTC 
*** Bug 566074 has been marked as a duplicate of this bug. ***
Comment 207 Daniel Walsh 2010-02-17 16:01:26 UTC 
*** Bug 566178 has been marked as a duplicate of this bug. ***
Comment 208 Daniel Walsh 2010-02-23 22:42:22 UTC 
*** Bug 567784 has been marked as a duplicate of this bug. ***
Comment 209 Daniel Walsh 2010-02-23 23:42:07 UTC 
*** Bug 561137 has been marked as a duplicate of this bug. ***
Comment 210 Daniel Walsh 2010-03-02 21:22:53 UTC 
*** Bug 569986 has been marked as a duplicate of this bug. ***
Comment 211 Daniel Walsh 2010-03-07 13:43:55 UTC 
*** Bug 571116 has been marked as a duplicate of this bug. ***
Comment 212 Daniel Walsh 2010-03-07 13:45:33 UTC 
*** Bug 571117 has been marked as a duplicate of this bug. ***
Comment 213 Miroslav Grepl 2010-03-19 15:22:45 UTC 
*** Bug 575130 has been marked as a duplicate of this bug. ***
Comment 214 Miroslav Grepl 2010-03-29 07:36:30 UTC 
*** Bug 577457 has been marked as a duplicate of this bug. ***
Comment 215 Daniel Walsh 2010-05-27 21:19:05 UTC 
*** Bug 596988 has been marked as a duplicate of this bug. ***
Comment 216 Daniel Walsh 2010-06-04 21:09:33 UTC 
*** Bug 600424 has been marked as a duplicate of this bug. ***
Comment 217 Daniel Walsh 2010-07-22 16:25:47 UTC 
*** Bug 617250 has been marked as a duplicate of this bug. ***
Comment 218 Daniel Walsh 2010-07-30 18:54:10 UTC 
*** Bug 619618 has been marked as a duplicate of this bug. ***
Comment 219 Miroslav Grepl 2010-08-02 11:52:09 UTC 
*** Bug 619881 has been marked as a duplicate of this bug. ***
Comment 220 Miroslav Grepl 2010-08-02 11:52:49 UTC 
*** Bug 619882 has been marked as a duplicate of this bug. ***
Comment 221 Miroslav Grepl 2010-08-16 13:48:26 UTC 
*** Bug 624012 has been marked as a duplicate of this bug. ***
Comment 222 Bill McGonigle 2010-08-17 21:55:55 UTC 
Oh, I think I see the problem here.  The AVC icon pops up in the systray area.  "Ah, I've got a new AVC" you think, so you click on the icon that's trying to grab your attention.  It pops up the GUI .... but on an AVC that's not the one the icon was trying to alert you about.  In my case just now, it was on 21 of 50, from last October.  It should pop up to the AVC that caused the icon to appear.  I suspect this behavior would eliminate the bulk of the work having to be done here, with no hard choices about what to delete or not.

This is on my f12 machine, anyway, haven't seen it yet on f13.
Comment 223 Miroslav Grepl 2010-11-18 10:09:03 UTC 
*** Bug 654136 has been marked as a duplicate of this bug. ***