Description of problem: SETroubleshooter shows an avc message for updatedb as detailed in the attached report. Version-Release number of selected component (if applicable): mlocate-0.16 selinux-policy-targeted-2.5.11-5 How reproducible: unknown Steps to Reproduce: 1. 2. 3. Actual results: avc report as attached Expected results: no avc report Additional info: work1.private: rawhide of 2007-04-09 default install (no updates or extras yet) Celeron(Coppermine) @600MHz MSI mobo VIA chipset 160MB Maxtor PATA drive Trident video + ATI video (dual head) RTL NIC etc.
Created attachment 152184 [details] SETroubleshooter report
Related to #234827 - updatedb needs to perform realpath() on all mount points. Thus, at least lstat () should be allowed for _all possible_ mount point contexts; if there is another mount point in the subtree, updatedb should have the permission necessary to lookup the mount point path within the subtree.
Fixed in selinux-policy-2.6.4-4.fc7
Should be fixed in the current release