selinux-policy-3.13.1-103.fc21
couchdb-1.6.1-4.fc21.x86_64

Reproduce Procedure:
1. Apply the fix in Bug #1177716 to the couchdb semodule.
2. yum install couchdb
3. systemctl start couchdb.service

type=AVC msg=audit(1419911091.723:2412): avc: denied { search } for pid=1344 comm="df" name=".local" dev="dm-6" ino=1310771 scontext=system_u:system_r:couchdb_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir permissive=0
Hi, do you know why couchdb needs this search? I would prefer to add a dontaudit rule. What do you think?
Yes, this in particular it doesn't need. dontaudit is fine.
commit e87f093a4f4b534d85f07f4d50b6ef6763e25bef
Author: Lukas Vrabec <lvrabec>
Date:   Fri Jan 23 22:35:29 2015 +0100

    Dontaudit couchdb search in gconf_home_t. BZ(1177717)
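
The denial from the report and the kind of rule the commit title describes, as an added example: it is not part of this thread and not the commit's actual change, which is not shown on this page. The function names are hypothetical, and the output is the raw rule form rather than whatever interface the policy source uses.

```python
import re

# AVC record copied from the report in this bug.
SAMPLE_AVC = (
    'type=AVC msg=audit(1419911091.723:2412): avc: denied { search } for '
    'pid=1344 comm="df" name=".local" dev="dm-6" ino=1310771 '
    'scontext=system_u:system_r:couchdb_t:s0 '
    'tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir permissive=0'
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {"perms": m.group("perms").split()}
    for key, quoted, bare in FIELD_RE.findall(m.group("rest")):
        fields[key] = quoted or bare
    # A context is user:role:type[:level]; the type is always the third part.
    for ctx in ("scontext", "tcontext"):
        fields[ctx + "_type"] = fields[ctx].split(":")[2]
    # permissive=0 means the access was actually blocked, not just logged.
    fields["enforced"] = fields.get("permissive") == "0"
    return fields


def dontaudit_rule(avc):
    """Build the raw dontaudit rule that would silence this exact denial."""
    perms = avc["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "dontaudit {} {}:{} {};".format(
        avc["scontext_type"], avc["tcontext_type"], avc["tclass"], perm_str)


if __name__ == "__main__":
    avc = parse_avc(SAMPLE_AVC)
    print(avc["comm"], "blocked" if avc["enforced"] else "logged only")
    print(dontaudit_rule(avc))
```

A dontaudit rule only stops the denial from being logged; the access is still denied. When hidden denials need to be seen during troubleshooting, `semodule -DB` rebuilds the policy with dontaudit rules disabled and `semodule -B` restores them.
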
selinux-policy-3.13.1-105.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.fc21
Package selinux-policy-3.13.1-105.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-1337/selinux-policy-3.13.1-105.fc21
then log in and leave karma (feedback).
selinux-policy-3.13.1-105.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.