Description of problem: Summary SELinux is preventing /usr/bin/nautilus (unconfined_t) "write" to <Unknown> (sysctl_irq_t). Detailed Description SELinux denied access requested by /usr/bin/nautilus. It is not expected that this access is required by /usr/bin/nautilus and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>, restorecon -v <Unknown> If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:unconfined_t:s0-s0:c0.c1023 Target Context system_u:object_r:sysctl_irq_t:s0 Target Objects None [ dir ] Affected RPM Packages nautilus-2.20.0-6.fc8 [application] Policy RPM selinux-policy-3.0.8-72.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall_file Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 athlon Alert Count 1 First Seen Thu 10 Jan 2008 05:35:33 PM EST Last Seen Thu 10 Jan 2008 05:35:33 PM EST Local ID 9ba1631f-7f47-48d9-b472-70f27bc8b44a Line Numbers Raw Audit Messages avc: denied { write } for comm=nautilus dev=proc egid=0 euid=0 exe=/usr/bin/nautilus exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=irq pid=3078 scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:sysctl_irq_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): See above How reproducible: Each time attempted in a fresh session Steps to Reproduce: 1. Open File Browser 2. Navigate to / 3. Click on /proc (or the arrow to the left of) Actual results: The above bug report info in the SELinux Troubleshooter is pasted above it its entirety. Expected results: Want to see contents of /proc! Additional info: Won't replicate by clicking on proc again in the same session, must at least restart the session.
Fixed in selinux-policy-3.0.8-75.fc8
Bugs have been in modified for over one month. Closing as fixed in current release please reopen if the problem still persists.