Description of problem: SELinux denied access requested by /usr/sbin/hald. It is not expected that this access is required by /usr/sbin/hald and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /etc/auto.misc, restorecon -v /etc/auto.misc. There is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 - or you can disable SELinux protection entirely for the application. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Changing the "hald_disable_trans" boolean to true will disable SELinux protection this application: "setsebool -P hald_disable_trans=1." The following command will allow this access: setsebool -P hald_disable_trans=1 Version-Release number of selected component (if applicable): How reproducible: Unknown Steps to Reproduce: 1. Recieve alert 2. Run suggested command 3.Recieve alert again Actual results: Alert is reported Expected results: Command to allow access and get rid of alert Additional info: Source Context system_u:system_r:hald_t Target Context system_u:object_r:automount_etc_t Target Objects /etc/auto.misc [ file ] Affected RPM Packages hal-0.5.8.1-5.fc6 [application]autofs-5.0.1-0.rc2.36 [target] Policy RPM selinux-policy-2.4.6-7.fc6 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.disable_trans Host Name red1.timmieland.private Platform Linux red1.timmieland.private 2.6.18-1.2860.fc6xen #1 SMP Tue Dec 5 14:28:32 EST 2006 i686 athlon Alert Count 24 Line Numbers Raw Audit Messages avc: denied { getattr } for comm="hald" dev=dm-0 egid=68 euid=68 exe="/usr/sbin/hald" exit=-13 fsgid=68 fsuid=68 gid=68 items=0 name="auto.misc" path="/etc/auto.misc" pid=2979 scontext=system_u:system_r:hald_t:s0 sgid=68 subj=system_u:system_r:hald_t:s0 suid=68 tclass=file tcontext=system_u:object_r:automount_etc_t:s0 tty=(none) uid=68
Fixed in selinux-policy-2.4.6-37
upgrading to selinux-policy-2.4.6-37 and forcing a system relabel resovled this issue.