Summary SELinux is preventing /usr/libexec/pam-keyring-tool (xdm_t) "ipc_lock" to <Unknown> (xdm_t). Detailed Description SELinux denied access requested by /usr/libexec/pam-keyring-tool. It is not expected that this access is required by /usr/libexec/pam-keyring-tool and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Objects None [ capability ] Affected RPM Packages pam_keyring-0.0.9-1.fc8 [application] Policy RPM selinux-policy-3.0.8-56.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name PHLaptop Platform Linux PHLaptop 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 i686 Alert Count 2 First Seen Sun 25 Nov 2007 20:06:39 GMT Last Seen Sun 25 Nov 2007 20:06:39 GMT Local ID f0167dd0-2c64-4196-b21c-5a652d76a834 Line Numbers Raw Audit Messages avc: denied { ipc_lock } for comm=pam-keyring-too egid=0 euid=0 exe=/usr/libexec /pam-keyring-tool exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=2761 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=0 tclass=capability tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tty=(none) uid=0
You can allow this for now by executing # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.0.8-62.fc8
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.