From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.9) Gecko/20071105 Fedora/2.0.0.9-1.fc7 Firefox/2.0.0.9 Description of problem: Summary SELinux is preventing /sbin/restorecon (restorecon_t) "write" to pipe:[57087] (rpm_t). Detailed Description SELinux denied access requested by /sbin/restorecon. It is not expected that this access is required by /sbin/restorecon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:restorecon_t Target Context system_u:system_r:rpm_t Target Objects pipe:[57087] [ fifo_file ] Affected RPM Packages policycoreutils-2.0.16-15.fc7 [application] Policy RPM selinux-policy-2.6.4-49.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name urka1.urkanet Platform Linux urka1.urkanet 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 23:10:59 EDT 2007 i686 i686 Alert Count 2 First Seen Do 22 Nov 2007 12:27:01 CET Last Seen Do 22 Nov 2007 12:27:01 CET Local ID 77cf2957-0e96-4122-97f3-50e157f75240 Line Numbers Raw Audit Messages avc: denied { write } for comm="restorecon" dev=pipefs egid=0 euid=0 exe="/sbin/restorecon" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="" path="pipe:[57087]" pid=8812 scontext=system_u:system_r:restorecon_t:s0 sgid=0 subj=system_u:system_r:restorecon_t:s0 suid=0 tclass=fifo_file tcontext=system_u:system_r:rpm_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): policycoreutils-2.0.16-15.fc7 [application]; selinux-policy-2.6.4-49.fc7 How reproducible: Always Steps to Reproduce: 1. After each resume from disk ? 2. 3. Actual Results: Setroubleshot-Browser shows message Expected Results: Don't know. Nothing? Additional info:
You can allow this for now by executing # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-2.6.4-59.fc7
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.