Description of problem: Source Context system_u:system_r:openct_t:s0 Target Context system_u:object_r:openct_var_run_t:s0 Target Objects None [ sock_file ] Affected RPM Packages openct-0.6.14-3.fc8 [application] Policy RPM selinux-policy-3.0.8-44.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall_file Host Name pullo Platform Linux pullo 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:18:33 EDT 2007 x86_64 x86_64 Alert Count 1 First Seen Sat Nov 10 15:38:49 2007 Last Seen Sat Nov 10 15:38:49 2007 Local ID ad979835-ad85-48f9-9677-429e5b022608 Line Numbers Raw Audit Messages avc: denied { unlink } for comm=ifdhandler dev=sda3 egid=0 euid=0 exe=/usr/sbin/ifdhandler exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=0 pid=23418 scontext=system_u:system_r:openct_t:s0 sgid=0 subj=system_u:system_r:openct_t:s0 suid=0 tclass=sock_file tcontext=system_u:object_r:openct_var_run_t:s0 tty=ttyUSB0 uid=0 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. configure /etc/openct.conf for your choice of reader 2. service openct start 3. in my reader, lamp won't lit even the card is placed. Logs contain avc Actual results: with setenforce 0 everything works as expected. Expected results: Lit lamp :) Additional info: # rpm -q openct openct-0.6.14-3.fc8 openct-0.6.14-3.fc8 When do we get rid of yum? It sucks.
Fixed in selinux-policy-3.0.8-52.fc8
# rpm -Uvh selinux-policy-* Preparing... ########################################### [100%] 1:selinux-policy ########################################### [ 50%] 2:selinux-policy-targeted########################################### [100%] # rpm -q selinux-policy selinux-policy-targeted selinux-policy-3.0.8-52.fc8 selinux-policy-targeted-3.0.8-52.fc8 # service openct status ifdhandler is stopped Waiting for reader attach/detach events... # service openct start Initializing OpenCT smart card terminals: [ OK ] Now lamp got lit and my firefox with pkcs11 plugin works. Thanks, you can close this one. :)
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen.