Bug 693078

Zusammenfassung:

SELinux is preventing /usr/sbin/hald access to a leaked
/tmp/vmware-root/vmware-tools-upgrader.log file descriptor.

Detaillierte Beschreibung:

[hald hat einen toleranten Typ (hald_t). Dieser Zugriff wurde nicht verweigert.]

SELinux denied access requested by the hald command. It looks like this is
either a leaked descriptor or hald output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /tmp/vmware-root/vmware-tools-upgrader.log. You should generate a bugzilla
on selinux-policy, and it will get routed to the appropriate package. You can
safely ignore this avc.

Zugriff erlauben:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)

Zusätzliche Informationen:

Quellkontext                  system_u:system_r:hald_t:s0
Zielkontext                   system_u:object_r:initrc_tmp_t:s0
Zielobjekte                   /tmp/vmware-root/vmware-tools-upgrader.log [ file
                              ]
Quelle                        hald
Quellen-Pfad                  /usr/sbin/hald
Port                          <Unbekannt>
Host                          (removed)
Quellen-RPM-Pakete            hal-0.5.13-9.fc12
Ziel-RPM-Pakete               
RPM-Richtlinie                selinux-policy-3.6.32-41.fc12
SELinux aktiviert             True
Richtlinienversion            targeted
MLS aktiviert                 True
Enforcing-Modus               Enforcing
Plugin-Name                   leaks
Hostname                      (removed)
Plattform                     Linux (removed) 2.6.31.5-127.fc12.i686
                              #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 i686
Anzahl der Alarme             2
Zuerst gesehen                Do 29 Jul 2010 12:41:38 EDT
Zuletzt gesehen               Do 29 Jul 2010 12:41:38 EDT
Lokale ID                     c31f9a73-0960-476c-beb4-35c6df7f423c
Zeilennummern                 

Raw-Audit-Meldungen           

node=(removed) type=AVC msg=audit(1280421698.703:32): avc:  denied  { append } for  pid=6412 comm="hald" path="/tmp/vmware-root/vmware-tools-upgrader.log" dev=dm-0 ino=136602 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1280421698.703:32): avc:  denied  { append } for  pid=6412 comm="hald" path="/tmp/vmware-root/vmware-tools-upgrader.log" dev=dm-0 ino=136602 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1280421698.703:32): arch=40000003 syscall=11 success=yes exit=0 a0=9dac2c8 a1=9dac198 a2=9dac678 a3=9dac198 items=0 ppid=6411 pid=6412 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hald" exe="/usr/sbin/hald" subj=system_u:system_r:hald_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.32-41.fc12,leaks,hald,hald_t,initrc_tmp_t,file,append
audit2allow suggests:

#============= hald_t ==============
allow hald_t initrc_tmp_t:file append;