Description of problem: Summary: SELinux is preventing console-kit-dae (consolekit_t) "search" to ./PolicyKit-public (polkit_var_lib_t). Detailed Description: SELinux denied access requested by console-kit-dae. It is not expected that this access is required by console-kit-dae and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./PolicyKit-public, restorecon -v './PolicyKit-public' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:consolekit_t Target Context system_u:object_r:polkit_var_lib_t Target Objects ./PolicyKit-public [ dir ] Source console-kit-dae Source Path /usr/sbin/console-kit-daemon Port <Unknown> Host hubmaier.ceplovi.cz Source RPM Packages ConsoleKit-0.2.7-1.fc9 Target RPM Packages Policy RPM selinux-policy-3.2.6-2.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name hubmaier.ceplovi.cz Platform Linux hubmaier.ceplovi.cz 2.6.24-9.fc9 #1 SMP Tue Jan 29 17:45:59 EST 2008 x86_64 x86_64 Alert Count 3 First Seen Út 5. únor 2008, 10:54:20 CET Last Seen Út 5. únor 2008, 10:55:09 CET Local ID f9fdf51d-890e-491a-8d02-d8ccd55e1f6e Line Numbers Raw Audit Messages host=hubmaier.ceplovi.cz type=AVC msg=audit(1202205309.407:203): avc: denied { search } for pid=2669 comm="console-kit-dae" name="PolicyKit-public" dev=dm-1 ino=3673983 scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1202205309.407:203): arch=c000003e syscall=2 success=no exit=-13 a0=6486e0 a1=0 a2=7fff69aea070 a3=8101010101010100 items=0 ppid=1 pid=2669 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:consolekit_t:s0 key=(null) Version-Release number of selected component (if applicable): ConsoleKit-0.2.7-1.fc9.x86_64 selinux-policy-targeted-3.2.6-2.fc9.noarch
./PolicyKit-public is probably /var/lib/PolicyKit-public, right, which is [matej@hubmaier ~]$ ls -lZd /var/lib/PolicyKit-public/ drwxrwxr-x polkituser polkituser system_u:object_r:polkit_var_lib_t /var/lib/PolicyKit-public/ [matej@hubmaier ~]$
Fixed in selinux-policy-3.2.6-4.fc9.noarch
...
CLosed as this should be fixed in rawhide. If this problem persists please reopen the bugzilla.