Description of problem:
I see these AVC Denials. I have installed Innotek VirtualBox but can't be sure if that is related to this issue.

Summary
SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to <Unknown> (usr_t).

Detailed Description
SELinux denied access requested by tmpwatch. It is not expected that this access is required by tmpwatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>,

restorecon -v <Unknown>

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information
Source Context:        system_u:system_r:tmpreaper_t:s0
Target Context:        system_u:object_r:usr_t:s0
Target Objects:        None [ dir ]
Affected RPM Packages:
Policy RPM:            selinux-policy-3.0.8-74.fc8
Selinux Enabled:       True
Policy Type:           targeted
MLS Enabled:           True
Enforcing Mode:        Enforcing
Plugin Name:           plugins.catchall_file
Host Name:             valent.oswireless
Platform:              Linux valent.oswireless 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 i686
Alert Count:           7
First Seen:            Mon 21 Jan 2008 11:24:11 AM CET
Last Seen:             Mon 21 Jan 2008 11:24:11 AM CET
Local ID:              b1e3e2d9-d904-49b3-85f7-69ea95037029
Line Numbers:

Raw Audit Messages
avc: denied { setattr } for comm=tmpwatch dev=sda6 name=iprt pid=10640 scontext=system_u:system_r:tmpreaper_t:s0 tclass=dir tcontext=system_u:object_r:usr_t:s0

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
What is iprt?
# locate iprt
/usr/share/virtualbox/src/include/iprt
/usr/share/virtualbox/src/include/iprt/alloc.h
/usr/share/virtualbox/src/include/iprt/asm.h
/usr/share/virtualbox/src/include/iprt/assert.h
/usr/share/virtualbox/src/include/iprt/avl.h
/usr/share/virtualbox/src/include/iprt/cdefs.h
/usr/share/virtualbox/src/include/iprt/err.h
/usr/share/virtualbox/src/include/iprt/heap.h
/usr/share/virtualbox/src/include/iprt/initterm.h
/usr/share/virtualbox/src/include/iprt/log.h
/usr/share/virtualbox/src/include/iprt/mem.h
/usr/share/virtualbox/src/include/iprt/memobj.h
/usr/share/virtualbox/src/include/iprt/nocrt
/usr/share/virtualbox/src/include/iprt/param.h
/usr/share/virtualbox/src/include/iprt/process.h
/usr/share/virtualbox/src/include/iprt/semaphore.h
/usr/share/virtualbox/src/include/iprt/spinlock.h
/usr/share/virtualbox/src/include/iprt/stdarg.h
/usr/share/virtualbox/src/include/iprt/stdint.h
/usr/share/virtualbox/src/include/iprt/string.h
/usr/share/virtualbox/src/include/iprt/thread.h
/usr/share/virtualbox/src/include/iprt/time.h
/usr/share/virtualbox/src/include/iprt/timer.h
/usr/share/virtualbox/src/include/iprt/types.h
/usr/share/virtualbox/src/include/iprt/nocrt/limits.h
Ok, why would tmpwatch be setattr in this directory?
I have no idea, I'm just a VirtualBox user, not a devel :(
Does either of these find anything?
find /tmp -name iprt
find /var/tmp -name iprt
# find /tmp -name iprt
/tmp/vbox.0/include/iprt
The other doesn't find anything.
So that looks like the file SELinux is complaining about. It is probably something left over from the vbox install. If you just remove the files, the AVCs should stop. Or if you chcon -R -t tmp_t /tmp/vbox.0, then tmpwatch will remove it for you.
Thanks. I removed it manually:
rmdir /tmp/vbox.0/include/iprt/nocrt/
rmdir /tmp/vbox.0/include/iprt/
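The triage done by hand in this thread, as an added example that is not part of the original bug report: the AVC record carries only the object's name, class and label, so the script parses the raw audit message and walks the temp trees for an object with that name whose SELinux type matches the denial's target context. The function names and the `get_context` hook are assumptions made for illustration; labels are read from the `security.selinux` extended attribute.

```python
import os
import re

# Raw audit message copied from the report above.
AVC = ("avc: denied { setattr } for comm=tmpwatch dev=sda6 name=iprt pid=10640 "
       "scontext=system_u:system_r:tmpreaper_t:s0 tclass=dir "
       "tcontext=system_u:object_r:usr_t:s0")

def parse_avc(line):
    """Split an AVC denial into its permission list and key=value fields."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC denial")
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields = {k: v.strip('"') for k, v in fields.items()}
    fields["perms"] = m.group(1).split()
    return fields

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) >= 3 else None

def xattr_context(path):
    """Read the label from the security.selinux xattr (Linux only)."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
        return raw.rstrip(b"\0").decode()
    except (OSError, AttributeError):
        return None

def candidates(avc, roots, get_context=xattr_context):
    """Find objects under roots whose name and SELinux type match the denial."""
    want_type = selinux_type(avc["tcontext"])
    hits = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            names = dirnames if avc.get("tclass") == "dir" else filenames
            if avc["name"] in names:
                path = os.path.join(dirpath, avc["name"])
                if selinux_type(get_context(path)) == want_type:
                    hits.append(path)
    return hits

if __name__ == "__main__":
    avc = parse_avc(AVC)
    # /tmp and /var/tmp are the two trees searched in the thread.
    for path in candidates(avc, ["/tmp", "/var/tmp"]):
        print(path, "carries type", selinux_type(avc["tcontext"]))
```

Matching on the label as well as the name filters out same-named directories that already carry a temp-file type and so would not trigger the denial.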