Description of problem: I get these avc denied messages everytime while upgrading the SELinux policy: type=AVC msg=audit(1141600380.200:890872): avc: denied { read write } for pid=22630 comm="load_policy" name="semanage.trans.LOCK" dev=cciss/c0d0p2 ino=1081437 scontext=user_u:system_r:load_policy_t:s0-s0:c0.c255 tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file type=AVC msg=audit(1141600380.200:890872): avc: denied { read write } for pid=22630 comm="load_policy" name="semanage.read.LOCK" dev=cciss/c0d0p2 ino=1081436 scontext=user_u:system_r:load_policy_t:s0-s0:c0.c255 tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file type=SYSCALL msg=audit(1141600380.200:890872): arch=40000003 syscall=11 success=yes exit=0 a0=955c800 a1=9b9d600 a2=0 a3=0 items=2 pid=22630 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="load_policy" exe="/usr/sbin/load_policy" type=AVC_PATH msg=audit(1141600380.200:890872): path="/etc/selinux/targeted/ modules/semanage.read.LOCK" type=AVC_PATH msg=audit(1141600380.200:890872): path="/etc/selinux/targeted/ modules/semanage.trans.LOCK" type=CWD msg=audit(1141600380.200:890872): cwd="/usr/share/selinux/targeted" type=PATH msg=audit(1141600380.200:890872): item=0 name="/usr/sbin/load_policy" flags=101 inode=458846 dev=68:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 type=PATH msg=audit(1141600380.200:890872): item=1 flags=101 inode=2965569 dev=68:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 Version-Release number of selected component (if applicable): selinux-policy-targeted-2.2.21-7 How reproducible: Everytime on upgrading SELinux policy (also at rpm -Uvh --force) Expected results: No avc denied messages ;-)
Fixed in 2.2.23-3