Description of problem:

I'm running dmidecode from cfengine (which runs under cron) to determine the manufacturer of the hardware. I'm getting the following selinux avc denied messages:

audit(1160492510.915:120): avc: denied { use } for pid=31428 comm="dmidecode" name="[9503884]" dev=pipefs ino=9503884 scontext=user_u:system_r:dmidecode_t:s0 tcontext=user_u:system_r:crond_t:s0-s0:c0.c255 tclass=fd
audit(1160492510.915:121): avc: denied { write } for pid=31428 comm="dmidecode" name="cf_apollo_cora_nwra_com_2006-10-10--09-00-01" dev=hda5 ino=261954 scontext=user_u:system_r:dmidecode_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file

Seems like it works okay though. Leaked file descriptors or just need to be dontaudited?

Version-Release number of selected component (if applicable):
selinux-policy-2.3.7-2.fc5
This may be related to bug #204176.
audit(1160492510.915:120): avc: denied { use } for pid=31428 comm="dmidecode" name="[9503884]" dev=pipefs ino=9503884 scontext=user_u:system_r:dmidecode_t:s0 tcontext=user_u:system_r:crond_t:s0-s0:c0.c255 tclass=fd

This one looks like a leaked file descriptor.

audit(1160492510.915:121): avc: denied { write } for pid=31428 comm="dmidecode" name="cf_apollo_cora_nwra_com_2006-10-10--09-00-01" dev=hda5 ino=261954 scontext=user_u:system_r:dmidecode_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file

This one however looks like dmidecode is trying to write to a log file of some sort? You could try the "dmidecode | cat" hack to see if this disappears. Are you running dmidecode directly in cron or do you have another application that runs it?
cron runs cfagent, which then executes various tasks, one of which is: "/usr/sbin/dmidecode | grep -Fq Dell" Apparently, cfagent redirects output of commands to a file in /var/cfengine somewhere.
What I can't understand is why a transition is happening at all? From the policy in FC5 it looks like dmidecode only transitions from hal. So I would have thought that it would continue to run in the crond or unconfined_t context.
Also seeing this with some other commands run by cfagent:

audit(1164556971.576:674): avc: denied { write } for pid=23342 comm="ifconfig" name="cf_lynx_cora_nwra_com_2006-11-26--09-00-01" dev=hda6 ino=116329 scontext=user_u:system_r:ifconfig_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file

This is with selinux-policy-2.4.5-4.fc5
All of these bugs should be fixed in FC6. You could attempt to use the FC6 policy on FC5 or upgrade. Or you could use "audit2allow -M mypolicy -i /var/log/audit/audit.log" and build a local customized policy.
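Added example, not part of the bug report: a small Python triage helper that parses the AVC records pasted above and sorts each one into the two cases the thread distinguishes, a pipefs descriptor inherited from crond_t across the domain transition (leaked fd, normally dontaudit material) versus a write to cfagent's redirected output file labelled var_t (a real access the policy does not grant). The sample lines are the three records quoted in this report.

```python
import re

# Sample AVC records, copied from the three messages quoted in this bug report.
SAMPLE_AVCS = """\
audit(1160492510.915:120): avc: denied { use } for pid=31428 comm="dmidecode" name="[9503884]" dev=pipefs ino=9503884 scontext=user_u:system_r:dmidecode_t:s0 tcontext=user_u:system_r:crond_t:s0-s0:c0.c255 tclass=fd
audit(1160492510.915:121): avc: denied { write } for pid=31428 comm="dmidecode" name="cf_apollo_cora_nwra_com_2006-10-10--09-00-01" dev=hda5 ino=261954 scontext=user_u:system_r:dmidecode_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
audit(1164556971.576:674): avc: denied { write } for pid=23342 comm="ifconfig" name="cf_lynx_cora_nwra_com_2006-11-26--09-00-01" dev=hda6 ino=116329 scontext=user_u:system_r:ifconfig_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
"""

# "avc: denied { perm perm } for key=value key="quoted value" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the AVC fields, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, val in FIELD_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    # A context is user:role:type[:range]; the type is what policy rules key on.
    for ctx in ("scontext", "tcontext"):
        if ctx in rec:
            rec[ctx + "_type"] = rec[ctx].split(":")[2]
    return rec


def classify(rec):
    """Map a parsed denial onto the two cases discussed in the thread."""
    if rec.get("tclass") == "fd" and "use" in rec["perms"]:
        # Descriptor opened by the parent domain (here crond_t) is still open
        # after the transition into the child domain: leaked fd candidate.
        return "leaked-fd"
    if rec.get("tclass") == "file" and "write" in rec["perms"]:
        # The confined command writes to a file whose label it is not allowed
        # to touch; here cfagent's redirected stdout under var_t.
        return "output-redirect"
    return "other"


def summarize(log_text):
    """One (comm, source type, target type, class, verdict) tuple per AVC line."""
    rows = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            rows.append((rec["comm"], rec["scontext_type"], rec["tcontext_type"],
                         rec["tclass"], classify(rec)))
    return rows
```

Running summarize() over a real /var/log/audit/audit.log separates the fd noise from the denials that actually need an allow rule before anything is fed to audit2allow.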