avc denials of the following form appear in the system logs:

avc: denied { read } for comm='"prelink"' dev='hda3' egid='0' euid='0' exe='"/usr/sbin/prelink"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0' name='"lib"' pid='19492' scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 sgid='0' subj='system_u:system_r:prelink_t:s0-s0:c0.c1023' suid='0' tclass='lnk_file' tcontext=user_u:object_r:usr_t:s0 tty='(none)' uid='0'

Here's some additional information collected by the setroubleshoot browser:

Source Context: system_u:system_r:prelink_t:SystemLow-SystemHigh
Target Context: user_u:object_r:usr_t
Target Objects: lib [ lnk_file ]
Affected RPM Packages: prelink-0.3.9-2 [application] filesystem-2.4.0-1 [target]
Policy RPM: selinux-policy-2.4.1-3.fc6
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.catchall
Host Name: localhost.localdomain
Platform: Linux localhost.localdomain 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006 i686 i686

I tried "restorecon -v lib", which is what the setroubleshoot system recommends. This produced an error message, as expected, since there was no "lib" in the current directory. I tried "restorecon -v /lib /usr/lib", assuming that one of those two directories is what the setroubleshoot system's recommendation really meant to refer me to. This produced no output and the same avc denial appeared again two days later.
Fixed in selinux-policy-2.4.3-1
Source Context          system_u:system_r:prelink_t
Target Context          system_u:object_r:usr_t
Target Objects          vultureseye [ file ]
Affected RPM Packages   prelink-0.3.9-2 [application]
Policy RPM              selinux-policy-2.4.3-2.fc6
Selinux Enabled         True
Policy Type             targeted
MLS Enabled             True
Enforcing Mode          Enforcing
Plugin Name             plugins.catchall
Host Name               perec.laptop
Platform                Linux perec.laptop 2.6.18-1.2849_1.fc6.cubbi_suspend2 #1 SMP Mon Nov 13 11:28:58 CET 2006 i686 i686

Raw Audit Messages

avc: denied { read } for comm='"prelink"' dev='hda3' egid='0' euid='0' exe='"/usr/sbin/prelink"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0' name='"vultureseye"' pid='5610' scontext=system_u:system_r:prelink_t:s0 sgid='0' subj='system_u:system_r:prelink_t:s0' suid='0' tclass='file' tcontext=system_u:object_r:usr_t:s0 tty='(none)' uid='0'

rpms: nethack-vultures-2.1.0-8.fc6 nethack-3.4.3-12.fc6 viruskiller-1.0-2.fc6
files: /usr/bin/vultureseye /usr/bin/nethack /usr/bin/vulturesclaw /usr/bin/viruskiller
This looks like a labeling problem. These files should be labeled bin_t.

restorecon -R -v /usr/bin
Closed as all fixes are in the current release
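
Added example, not part of the original bug report or of setroubleshoot: a Python triage of the two AVC records quoted in this thread. It parses the key='value' fields, tallies denials by source type, target type, class and permission, and flags a denied file whose label differs from the one the reply above expects. The /usr/bin to bin_t mapping is an assumption taken from that reply, not read from the policy's file contexts; all function and variable names are hypothetical.

```python
import posixpath
import re
from collections import Counter

# The two denials from this thread, abridged to the fields used below (sample input).
SAMPLE_LOG = """\
avc: denied { read } for comm='"prelink"' exe='"/usr/sbin/prelink"' name='"lib"' pid='19492' scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 tclass='lnk_file' tcontext=user_u:object_r:usr_t:s0
avc: denied { read } for comm='"prelink"' exe='"/usr/sbin/prelink"' name='"vultureseye"' pid='5610' scontext=system_u:system_r:prelink_t:s0 tclass='file' tcontext=system_u:object_r:usr_t:s0
"""
# Paths the second reporter listed for the denied names.
CANDIDATES = ["/usr/bin/vultureseye", "/usr/bin/nethack",
              "/usr/bin/vulturesclaw", "/usr/bin/viruskiller"]
# Assumption from the reply in this thread: files in /usr/bin should be bin_t.
EXPECTED_TYPE = {"/usr/bin": "bin_t"}

HEAD = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r"(\w+)=(?:'([^']*)'|(\S+))")

def context_type(ctx):
    """Type field of user:role:type[:level]; the MLS level may itself contain ':'."""
    parts = ctx.split(":", 3)
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one setroubleshoot-style AVC line into a dict, or None if it is not one."""
    m = HEAD.search(line)
    if not m:
        return None
    # Values arrive as 'x', '"x"' or bare; strip both layers of quoting.
    rec = {k: (q or b).strip('"') for k, q, b in FIELD.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    rec["stype"] = context_type(rec.get("scontext", ""))
    rec["ttype"] = context_type(rec.get("tcontext", ""))
    return rec

def relabel_candidates(rec, paths=CANDIDATES):
    """Paths whose basename is the denied name and whose expected type differs."""
    hits = []
    for p in paths:
        want = EXPECTED_TYPE.get(posixpath.dirname(p))
        if posixpath.basename(p) == rec.get("name") and want and want != rec["ttype"]:
            hits.append((p, rec["ttype"], want))
    return hits

def summarize(log=SAMPLE_LOG):
    recs = [r for r in map(parse_avc, log.splitlines()) if r]
    counts = Counter((r["stype"], r["ttype"], r["tclass"], p)
                     for r in recs for p in r["perms"])
    return recs, counts
```

The first record yields no candidate because the thread never gives a full path for "lib", which is the same gap the original reporter hit when running restorecon on a bare name.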