Description of problem: anytime, start a kde-based program (e.g. kpdf, amorok,) in gnome desktop of fedora 8, a selinux pop-up window will show up at the taskbar area, saying "Selinux: AVC deniel, click to view" here is the detail information if I click to view (by now, I have 7784 count for this selinux avc deniel message): "Summary SELinux is preventing /usr/bin/kbuildsycoca from creating a file with a context of unlabeled_t on a filesystem. Detailed Description SELinux is preventing /usr/bin/kbuildsycoca from creating a file with a context of unlabeled_t on a filesystem. Usually this happens when you ask the cp command to maintain the context of a file when copying between file systems, "cp -a" for example. Not all file contexts should be maintained between the file systems. For example, a read-only file type like iso9660_t should not be placed on a r/w system. "cp -P" might be a better solution, as this will adopt the default file context for the destination. Allowing Access Use a command like "cp -P" to preserve all permissions except SELinux context. Additional Information Source Context system_u:object_r:unlabeled_t:s0 Target Context system_u:object_r:fs_t:s0 Target Objects None [ filesystem ] Affected RPM Packages kdelibs-3.5.8-19.fc8 [application] Policy RPM selinux-policy-3.0.8-81.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.filesystem_associate Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.23.15-137.fc8 #1 SMP Sun Feb 10 17:48:34 EST 2008 i686 i686 Alert Count 7538 First Seen Thu 03 Jan 2008 09:38:56 PM EST Last Seen Wed 13 Feb 2008 06:04:13 PM EST Local ID 7c647c83-a7f2-46cc-a45d-828f73bdbfde Line Numbers Raw Audit Messages avc: denied { associate } for comm=kbuildsycoca egid=0 euid=500 exe=/usr/bin/kbuildsycoca exit=-13 fsgid=0 fsuid=500 gid=0 items=0 name=ksycocaGprnua.new pid=3799 scontext=system_u:object_r:unlabeled_t:s0 sgid=0 subj=system_u:system_r:unconfined_t:s0 suid=500 tclass=filesystem tcontext=system_u:object_r:fs_t:s0 tty=(none) uid=500 " Version-Release number of selected component (if applicable): How reproducible: use kpdf to open any pdf, or start amorak in gnome desktop in fedora 8 Steps to Reproduce: 1. 2. 3. Actual results: the setroubleshoot service will stop by itself sometime later after OS start-up. Expected results: Additional info:
This looks like you have a file system that we don't know about. unlabeled_t means the kernel does not how to label the file system. Could you attach the output of df?
also can you collect: cat /proc/mounts dmesg
I had exactly the same problem on my system. Here is how I solved it. I tried running my KDE program(k3b) from the terminal window...and the error there was kbuildsycoca had problem creating a file in /tmp/kdecache-root. I checked in /tmp and the directory did not exist. I created this directory and presto all the errors vanish(the command line error as well as the SELinux one) So I dont think this really is an SELinux issue as such...though I am not quite sure why the kdecache-root had to be manually recreated. Hope this helps.
I also had the same problem, specifically when using the menu editor. I discovered that on my machine the missing directory was in /var/tmp, not /tmp. When I created /var/tmp/kdecache-<username> everything worked fine.
This message is a reminder that Fedora 8 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 8. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '8'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 8's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 8 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Does this still happen with the KDE 3.5.10 updates? Or when running a KDE 3 app in F9 or F10? The KDE 3 kbuildsycoca still exists there.
Fedora 8 changed to end-of-life (EOL) status on 2009-01-07. Fedora 8 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days