Bug 917610

Summary: SELinux is preventing /usr/lib/sa/sadc from 'read' accesses on the file sa05.
Product: [Fedora] Fedora Reporter: Christopher Meng <i>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:285352820bc76350e27ce6c91c73ca96c522afef7da23cdd17e283461ed757ba
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-05 18:30:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
ausearch -m avc -ts recent none

Description Christopher Meng 2013-03-04 12:01:27 UTC 
Additional info:
hashmarkername: setroubleshoot
kernel:         3.9.0-0.rc0.git14.1.fc19.i686.PAE
type:           libreport
Comment 1 Daniel Walsh 2013-03-04 14:54:12 UTC 
Could you attach the avc messages

ausearch -m avc -ts recent
Comment 2 Christopher Meng 2013-03-05 13:17:58 UTC 
Created attachment 705424 [details]
ausearch -m avc -ts recent
Comment 3 Daniel Walsh 2013-03-05 18:30:23 UTC 
Fixed in selinux-policy-3.12.1-18.fc19
Comment 4 Christopher Meng 2013-03-06 03:55:10 UTC 
Tell me the theory OK??
Comment 5 Daniel Walsh 2013-03-06 17:21:39 UTC 
Basically I am now allowing sadc to manage its own log files, before is was only allowed to create and append to them.
Comment 6 Miroslav Grepl 2013-03-07 10:06:25 UTC 
Yes, which has been adopted from upstream policy.