Description of problem:
'service gpm restart' produces the following avc denial:

avc: denied { read } for pid=3597 exe=/usr/sbin/gpm name=localtime dev=dm-0 ino=924810 scontext=root:system_r:gpm_t tcontext=root:object_r:etc_t tclass=file

Version-Release number of selected component (if applicable):
policy-1.9-15

from audit2allow:
allow gpm_t etc_t:file { read };
Actually, /etc/localtime should probably be readable by all domains.
This looks like a labeling problem. /etc/localtime should be locale_t. Who creates localtime? How could it get mislabeled?
Switching timezones with 'system-config-{date,time}' rewrites /etc/localtime:

before: system_u:object_r:locale_t
after: root:object_r:etc_t

Adding system-config-date owner to Cc.
Instead of removing the localtime, you could copy over it. This would maintain the security context.

Dan
Should be fixed in system-config-date-1.7.3-1 in dist-fc2-hold.
file context is preserved with s-c-d-1.7.3-1.
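
The difference discussed in this thread, as an added illustration (not code from system-config-date or from any commenter): an SELinux label is stored on the inode, so overwriting a file in place keeps it, while removing the file and creating a new one yields a new inode that is labelled at creation time. The file names, sample bytes and function names below are constructed for the example; on a host without SELinux the label is reported as None and only the inode change is visible.

```python
import os
import tempfile

def selinux_label(path):
    """Return the context stored in the security.selinux xattr, or None."""
    try:
        return os.getxattr(path, "security.selinux").rstrip(b"\0").decode()
    except (OSError, AttributeError):  # no SELinux, no xattr support, non-Linux
        return None

def identity(path):
    """(inode number, SELinux label) of path."""
    return (os.stat(path).st_ino, selinux_label(path))

def overwrite_in_place(src, dst):
    """Write src's bytes into the existing dst; the inode and its xattrs stay."""
    with open(src, "rb") as fin, open(dst, "r+b") as fout:
        fout.write(fin.read())
        fout.truncate()  # drop leftover bytes if the old file was longer

def remove_and_recreate(src, dst):
    """Delete dst and put a fresh file in its place; the new inode is labelled
    from the creating process and parent directory, not from the old file."""
    tmp = dst + ".new"
    with open(src, "rb") as fin, open(tmp, "wb") as fout:
        fout.write(fin.read())
    os.unlink(dst)
    os.rename(tmp, dst)

def demo():
    """Run both update styles on constructed files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        zone_a, zone_b, target = (os.path.join(d, n)
                                  for n in ("zone_a", "zone_b", "localtime"))
        samples = {zone_a: b"constructed-zone-A",
                   zone_b: b"constructed-zone-B-longer",
                   target: b"constructed-original-localtime-contents"}
        for path, data in samples.items():
            with open(path, "wb") as f:
                f.write(data)
        result = {"original": identity(target)}
        overwrite_in_place(zone_a, target)
        result["after_overwrite"] = identity(target)
        remove_and_recreate(zone_b, target)
        result["after_recreate"] = identity(target)
        with open(target, "rb") as f:
            result["content"] = f.read()
        return result

if __name__ == "__main__":
    print(demo())
```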