Bug 838703

Summary: /usr/sbin/tmpwatch setattr access on the directory kdecache-root.
Product: [Fedora] Fedora Reporter: Michael S. Tsirkin <mst>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-10 07:19:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael S. Tsirkin 2012-07-09 20:40:49 UTC 
Description of problem:
I am using kde.  at some point I got this error:


Version-Release number of selected component (if applicable):
selinux-policy-3.10.0-134.fc17.noarch

How reproducible:
first time this happened

Steps to Reproduce:
at some point after using kde for several days I got this
selinux error
  
Actual results:
SELinux is preventing /usr/sbin/tmpwatch from setattr access on the directory kdecache-root.

*****  Plugin catchall_labels (83.8 confidence) suggests  ********************

If you want to allow tmpwatch to have setattr access on the kdecache-root directory
Then you need to change the label on kdecache-root
Do
# semanage fcontext -a -t FILE_TYPE 'kdecache-root'
where FILE_TYPE is one of the following: amavis_spool_t, man_t, usr_t, tmpfile, sandbox_file_t, kismet_log_t, rpm_var_cache_t, httpd_cache_t, user_home_type, print_spool_t. 
Then execute: 
restorecon -v 'kdecache-root'


Expected results:
should not get errors from kde usage

Additional info:
Comment 1 Miroslav Grepl 2012-07-10 07:19:07 UTC 

*** This bug has been marked as a duplicate of bug 836262 ***