From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.9) Gecko/20061219 Fedora/1.5.0.9-1.fc6 Firefox/1.5.0.9 pango-text Description of problem: When updating glibc to -2.5-10.fc6, setroubleshoot popped up the following deny message: avc: denied { search } for comm="tzdata-update" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/tzdata-update" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="postfix" pid=3865 scontext=user_u:system_r:tzdata_t:s0 sgid=0 subj=user_u:system_r:tzdata_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:postfix_spool_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-17.fc6 How reproducible: Always Steps to Reproduce: 1. sudo rpm -Uvh glibc-* nscd-2.5-10.fc6.x86_64.rpm Actual Results: Expected Results: Additional info:
Were you sitting in the /var/spool/postfix directory when you did the rpm?
I saw the same and I was in my user home directory when I executed sudo yum update.
No, but on line 534 in ./glibc-2.5-20061008T1257/fedora/tzdata-update.c there is a reference to /var/spool/postfix/etc/localtime. I'm not quite sure what tzdata-update is supposed to be doing, but I suspect this line is causing the denial. Now whether tzdata-update should be messing with postfix files or not is another question...
Fixed in selinux-policy-2.4.6-25
This bug should be closed!
In deed.