Descriptionferry.oude-kotte
2010-03-31 17:11:57 UTC
Summary:
SELinux is preventing /usr/bin/gnome-keyring-daemon "write" access on /tmp.
Detailed Description:
SELinux denied access requested by gnome-keyring-d. It is not expected that this
access is required by gnome-keyring-d and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.
Additional Information:
Source Context unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023
Target Context system_u:object_r:tmp_t:s0
Target Objects /tmp [ dir ]
Source gnome-keyring-d
Source Path /usr/bin/gnome-keyring-daemon
Port <Unknown>
Host (removed)
Source RPM Packages gnome-keyring-2.28.2-2.fc12
Target RPM Packages filesystem-2.4.30-2.fc12
Policy RPM selinux-policy-3.6.32-106.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name (removed)
Platform Linux (removed) 2.6.32.10-90.fc12.x86_64 #1 SMP Tue
Mar 23 09:47:08 UTC 2010 x86_64 x86_64
Alert Count 1
First Seen Wed 31 Mar 2010 07:10:51 PM CEST
Last Seen Wed 31 Mar 2010 07:10:51 PM CEST
Local ID 40ff70f0-5bf9-4c26-8773-c3f1b1f40bdf
Line Numbers
Raw Audit Messages
node=(removed) type=AVC msg=audit(1270055451.273:35): avc: denied { write } for pid=3147 comm="gnome-keyring-d" name="tmp" dev=dm-0 ino=32770 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
node=(removed) type=SYSCALL msg=audit(1270055451.273:35): arch=c000003e syscall=83 success=no exit=-13 a0=1e16210 a1=1c0 a2=1e16222 a3=a0 items=0 ppid=3139 pid=3147 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=pts0 ses=3 comm="gnome-keyring-d" exe="/usr/bin/gnome-keyring-daemon" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
Hash String generated from catchall,gnome-keyring-d,passwd_t,tmp_t,dir,write
audit2allow suggests:
#============= passwd_t ==============
#!!!! The source type 'passwd_t' can write to a 'dir' of the following types:
# pcscd_var_run_t, etc_t
allow passwd_t tmp_t:dir write;
I don't see a command line here and/or it's not letting me click on to write an >write allow< so I can get rid of this problem with the keyring trouble popping up.Can you help me?
I am not sure why it is trying to communicate with gnome-keyring, when it is not running. If you start gnome-keyring, the passwd command should work fine.