Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: Summary SELinux is preventing semanage (semanage_t) "create" to sitecustomize.copy (lib_t). Detailed Description SELinux denied access requested by semanage. It is not expected that this access is required by semanage and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for sitecustomize.pyc, restorecon -v sitecustomize.pyc If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq- fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:semanage_t Target Context system_u:object_r:lib_t Target Objects sitecustomize.pyc [ file ] Affected RPM Packages Policy RPM selinux-policy-2.6.4-38.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall_file Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.20-2931.fc7xen #1 SMP Mon Aug 13 10:12:37 EDT 2007 i686 i686 Alert Count 1 First Seen Sat 25 Aug 2007 02:50:40 PM EDT Last Seen Sat 25 Aug 2007 02:50:40 PM EDT Local ID 33a500a4-1e5e-4881-a574-5ec598117841 Line Numbers Raw Audit Messages avc: denied { create } for comm="semanage" dev=dm-0 egid=0 euid=0 exe="/usr/bin/python" exit=6 fsgid=0 fsuid=0 gid=0 items=0 name="sitecustomize.pyc" pid=11337 scontext=system_u:system_r:semanage_t:s0 sgid=0 subj=system_u:system_r:semanage_t:s0 suid=0 tclass=file tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=0
This is unusual. If you run python sitecustomize.copy This problem will go away. This is caused because no one has run you customized py script yet to create the pyc. semanage is not allowed to create these files, but once the file gets created it will work fine.
looks related to #243163, I'll reopen a try to address the missing .pyc files.
* Mon Aug 27 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 3.9.2-3 ... - don't set PYTHONOPTIMIZE, let brp-python-bytecompile do it's job, addresses selinux issues (#243163, #254421)
eric-3.9.2-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.