From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.10) Gecko/20070226 Fedora/1.5.0.10-1.fc6 Firefox/1.5.0.10 pango-text Description of problem: Running sudo /sbin/restorecon -v /bin/umount yields the following avc denial: Source Context: user_u:system_r:restorecon_t Target Context: system_u:object_r:security_t Target Objects: / [ filesystem ] Affected RPM Packages: policycoreutils-1.34.1-4.fc6 [application]filesystem-2.4.0-1 [target] Policy RPM: selinux-policy-2.4.6-41.fc6 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.catchall Host Name: localhost.localdomain Platform: Linux localhost.localdomain 2.6.19-1.2911.6.5.fc6 #1 SMP Sun Mar 4 16:05:34 EST 2007 x86_64 x86_64 Alert Count: 3 Line Numbers: Raw Audit Messages :avc: denied { getattr } for comm="restorecon" dev=selinuxfs egid=0 euid=0 exe="/sbin/restorecon" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=26977 scontext=user_u:system_r:restorecon_t:s0 sgid=0 subj=user_u:system_r:restorecon_t:s0 suid=0 tclass=filesystem tcontext=system_u:object_r:security_t:s0 tty=pts1 uid=0 Version-Release number of selected component (if applicable): policycoreutils-1.34.1-4.fc6 How reproducible: Always Steps to Reproduce: 1. /sbin/restorecon -v /bin/umount Actual Results: Expected Results: Additional info:
This was actually caused by a change in behaviour in libselinux-2.0.5-2.fc7 which was accounted for in selinux-policy-2.5.6-1.fc7. Don't mind me...