Description of problem: Just saw this once for the first time yesterday: Aug 16 04:22:47 irimi kernel: audit(1155723767.543:270): avc: denied { unlink } for pid=26168 comm="prelink" name="pnmdepth" dev=dm-2 ino=34481 scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file lrwxrwxrwx 1 root root 8 Aug 15 05:36 /usr/bin/pnmdepth -> pamdepth lrwxrwxrwx root root system_u:object_r:bin_t /usr/bin/pnmdepth -> pamdepth The netpbm package was updated the previous day: Aug 15 05:34:53 Updated: netpbm.i386 10.34-1.fc5 Aug 15 05:37:09 Updated: netpbm-progs.i386 10.34-1.fc5 Aug 15 05:37:12 Updated: netpbm-devel.i386 10.34-1.fc5 Version-Release number of selected component (if applicable): selinux-policy-2.3.3-8.fc5 How reproducible: Can't yet. Additional info: Tried to reproduce this by running /etc/cron.daily/prelink by hand in a shell and got several of these: Aug 17 12:04:08 irimi kernel: audit(1155837848.339:271): avc: denied { read write } for pid=15386 comm="prelink" name="7" dev=devpts ino=9 scontext=root:system_r:prelink_t:s0-s0:c0.c255 tcontext=root:object_r:devpts_t:s0 tclass=chr_file
Fixed in selinux-policy-2.3.8-1
Have not seen with 2.4.5-4.fc5