Description of problem:
SELinux Management application generates this selinux alert:
"""
Summary
SELinux is preventing the /usr/sbin/semodule from using potentially mislabeled files (/home/kostya/.xsession-errors).

Detailed Description
SELinux has denied /usr/sbin/semodule access to potentially mislabeled file(s) (/home/kostya/.xsession-errors). This means that SELinux will not allow /usr/sbin/semodule to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access.

Allowing Access
If you want /usr/sbin/semodule to access this files, you need to relabel them using restorecon -v /home/kostya/.xsession-errors. You might want to relabel the entire directory using restorecon -R -v /home/kostya.

Additional Information
Source Context         system_u:system_r:semanage_t:s0
Target Context         unconfined_u:object_r:unconfined_home_t:s0
Target Objects         /home/kostya/.xsession-errors [ file ]
Affected RPM Packages  policycoreutils-2.0.31-7.fc8 [application]
Policy RPM             selinux-policy-3.0.8-44.fc8
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Enforcing
Plugin Name            plugins.home_tmp_bad_labels
Host Name              mireille.svist.lan
Platform               Linux mireille.svist.lan 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:55:12 EDT 2007 i686 i686
Alert Count            4
First Seen             Fri 09 Nov 2007 02:25:38 PM PST
Last Seen              Fri 09 Nov 2007 02:30:44 PM PST
Local ID               2e73e8cf-0f69-443d-814d-6a1f20baf7a4
Line Numbers

Raw Audit Messages
avc: denied { write } for comm=semodule dev=sda9 egid=0 euid=0 exe=/usr/sbin/semodule exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/home/kostya/.xsession-errors pid=5235 scontext=system_u:system_r:semanage_t:s0 sgid=0 subj=system_u:system_r:semanage_t:s0 suid=0 tclass=file tcontext=unconfined_u:object_r:unconfined_home_t:s0 tty=(none) uid=0
"""
The suggestion by setroubleshoot is to "restorecon -v /home/kostya/.xsession-errors" but that does nothing - after restarting SELinux Management application, the error appears again.

How reproducible: Every time

Steps to Reproduce:
1. Start SELinux Management (KDE Menu -> System -> SELinux Management)

Actual results: Error appears

Expected results: No errors
You can safely ignore this. I will dontaudit it in the next version of policy.

Fixed in selinux-policy-3.0.8-51.fc8
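An added example, not part of the original report and not the Fedora policy source: it parses the raw audit message from the alert above into source type, target type, class and permission, and formats a dontaudit rule of that shape. The rule actually shipped in selinux-policy-3.0.8-51.fc8 is not shown on this page; the function names here are illustrative.

```python
import re

# Raw audit message copied from the alert in this report.
AVC = ("avc: denied { write } for comm=semodule dev=sda9 egid=0 euid=0 "
       "exe=/usr/sbin/semodule exit=0 fsgid=0 fsuid=0 gid=0 items=0 "
       "path=/home/kostya/.xsession-errors pid=5235 "
       "scontext=system_u:system_r:semanage_t:s0 sgid=0 "
       "subj=system_u:system_r:semanage_t:s0 suid=0 tclass=file "
       "tcontext=unconfined_u:object_r:unconfined_home_t:s0 tty=(none) uid=0")

HEAD = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", re.S)
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(msg):
    """Split an AVC message into result, permission list and key=value fields."""
    m = HEAD.search(msg)
    if not m:
        raise ValueError("not an AVC message")
    fields = {k: v.strip('"') for k, v in PAIR.findall(m.group(3))}
    for key in ("scontext", "tcontext", "tclass"):
        if key not in fields:
            raise ValueError("missing field: " + key)
    return {"result": m.group(1), "perms": m.group(2).split(), **fields}


def context_type(ctx):
    """Return the type from user:role:type[:level]; an MLS level may contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError("malformed context: " + ctx)
    return parts[2]


def dontaudit_rule(avc):
    """Format the dontaudit rule that would silence this specific denial."""
    if avc["result"] != "denied":
        raise ValueError("only denials can be dontaudited")
    src = context_type(avc["scontext"])
    tgt = context_type(avc["tcontext"])
    perms = " ".join(sorted(avc["perms"]))
    return "dontaudit %s %s:%s { %s };" % (src, tgt, avc["tclass"], perms)


if __name__ == "__main__":
    print(dontaudit_rule(parse_avc(AVC)))
```

A dontaudit rule only suppresses the log entry; the write by semanage_t is still denied.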
Should I wait until the new policy is made available through yum repositories? Or is there a way of updating it somehow else?
selinux-policy-3.0.8-53.fc8 is available in Fedora Testing now.
Updated to 3.0.8-52.fc8 using
# yum update --enablerepo=updates-testing '*selinux*'

This bug appears to be fixed, as you said. Should I close the bug now or wait for the release version to come out? From available options, guessing it should be "RELEASE_PENDING" but not changing it since I don't know how you do things around these parts ;)
closing