Description of problem: Just booted my system and logged into my Xfce session SELinux is preventing tuned from 'execute' accesses on the file /tmp/ffi7RqsBt (deleted). ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es tuned standardmässig erlaubt sein sollte, execute Zugriff auf ffi7RqsBt (deleted) file zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep tuned /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:tuned_t:s0 Target Context system_u:object_r:tuned_tmp_t:s0 Target Objects /tmp/ffi7RqsBt (deleted) [ file ] Source tuned Source Path tuned Port <Unbekannt> Host (removed) Source RPM Packages python-2.7.5-7.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-84.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.2-301.fc20.x86_64 #1 SMP Fri Sep 27 19:45:03 UTC 2013 x86_64 x86_64 Alert Count 8 First Seen 2013-10-01 06:34:23 CEST Last Seen 2013-10-01 11:27:33 CEST Local ID 3e0a50fe-2d40-4ce1-b3da-0a5b41edf148 Raw Audit Messages type=AVC msg=audit(1380619653.579:186): avc: denied { execute } for pid=575 comm="tuned" path=2F746D702F666669375271734274202864656C6574656429 dev="tmpfs" ino=15679 scontext=system_u:system_r:tuned_t:s0 tcontext=system_u:object_r:tuned_tmp_t:s0 tclass=file type=SYSCALL msg=audit(1380619653.579:186): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=1000 a2=5 a3=1 items=0 ppid=1 pid=575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=tuned exe=/usr/bin/python2.7 subj=system_u:system_r:tuned_t:s0 key=(null) Hash: tuned,tuned_t,tuned_tmp_t,file,execute Additional info: reporter: libreport-2.1.7 hashmarkername: setroubleshoot kernel: 3.11.2-301.fc20.x86_64 type: libreport
54f159575a3435116ece89966a4b2e0a67a931e4 fixes this in git.
selinux-policy-3.12.1-90.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-90.fc20
Package selinux-policy-3.12.1-90.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-90.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-19129/selinux-policy-3.12.1-90.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-90.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.