Description of problem: bluez-utils attempts to read inotify during update, which is not allowed be the default SELinux policies. The following is the SELinux Troubleshooter report: Summary SELinux is preventing /usr/sbin/hcid (bluetooth_t) "read" to inotify (inotifyfs_t). Detailed Description SELinux denied access requested by /usr/sbin/hcid. It is not expected that this access is required by /usr/sbin/hcid and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for inotify, restorecon -v inotify If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:bluetooth_t Target Context system_u:object_r:inotifyfs_t Target Objects inotify [ dir ] Affected RPM Packages bluez-utils-3.9-1.fc7 [application] Policy RPM selinux-policy-2.5.10-2.fc7 Selinux Enabled True Policy Type targeted MLS Enabled False Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name bryans-lt.vantage-payroll.com Platform Linux bryans-lt.vantage-payroll.com 2.6.20-1.3023.fc7 #1 SMP Sun Mar 25 22:12:02 EDT 2007 i686 athlon Alert Count 169 First Seen Wed 11 Apr 2007 02:14:43 PM PDT Last Seen Wed 11 Apr 2007 02:14:43 PM PDT Local ID 74899f31-ac7c-4ce1-8f16-125186901af1 Line Numbers Raw Audit Messages avc: denied { read } for comm="hcid" dev=inotifyfs egid=0 euid=0 exe="/usr/sbin/hcid" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="inotify" path="inotify" pid=2245 scontext=system_u:system_r:bluetooth_t:s0 sgid=0 subj=system_u:system_r:bluetooth_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:inotifyfs_t:s0 tty=(none) uid=0
Although it's far from obvious, all Fedora 7 test bugs should be filed against "devel", not "test#". Moving this, so it doesn't get lost. This has been a bulk message. We return you now to your regularly scheduled program, already in progress.
I was also hit by this. There is a hint to fix it in the "allowing Access" section: > Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for inotify, restorecon -v inotify ^^^^^^^^^^^^^^^^^^^^^ This worked for me - as root: restorecon -v /proc/sys/fs/inotify (voodoo?) I have no idea why it works, because apparently there is not security context on the directory: ls -dZ /proc/sys/fs/inotify dr-xr-xr-x root root /proc/sys/fs/inotify (this is on fc7-devel with all updates)
*** Bug 236189 has been marked as a duplicate of this bug. ***
This bug is fixed in the latest policy yum update selinux-policy