With the update to selinux-policy-3.0.8-84.fc8, I get AVC denials for uux which is run by uucico which I run from a cronjob:

--- 8< ---
Summary

SELinux is preventing /usr/bin/uux (uux_t) "read write" to anon_inode (anon_inodefs_t).

Detailed Description

SELinux denied access requested by /usr/bin/uux. It is not expected that this access is required by /usr/bin/uux and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for anon_inode,

restorecon -v anon_inode

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information

Source Context          system_u:system_r:uux_t:s0
Target Context          system_u:object_r:anon_inodefs_t:s0
Target Objects          anon_inode [ file ]
Affected RPM Packages   uucp-1.07-16.fc8 [application]
Policy RPM              selinux-policy-3.0.8-84.fc8
Selinux Enabled         True
Policy Type             targeted
MLS Enabled             True
Enforcing Mode          Enforcing
Plugin Name             plugins.catchall_file
Host Name               wombat
Platform                Linux wombat 2.6.23.15-137.fc8 #1 SMP Sun Feb 10 17:03:13 EST 2008 x86_64 x86_64
Alert Count             120
First Seen              Tue 22 Jan 2008 09:19:20 AM CET
Last Seen               Wed 20 Feb 2008 11:17:45 AM CET
Local ID                c1b9dd66-db33-4b2a-8949-a9b8d4cb22ed
Line Numbers

Raw Audit Messages

avc: denied { read write } for comm=uux dev=anon_inodefs egid=14 euid=10 exe=/usr/bin/uux exit=0 fsgid=14 fsuid=10 gid=14 items=0 path=anon_inode:[eventpoll] pid=8519 scontext=system_u:system_r:uux_t:s0 sgid=14 subj=system_u:system_r:uux_t:s0 suid=10 tclass=file tcontext=system_u:object_r:anon_inodefs_t:s0 tty=(none) uid=10
--- >8 ---
I'll fix it.
You can allow this for now by executing

# audit2allow -M mypol -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-89.fc8
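Added example, not part of the comment above or of selinux-policy: audit2allow with -i on the whole audit.log writes allow rules for every denial recorded there, so this sketch parses AVC lines and builds module source for the uux_t domain only. The function names and the UNRELATED log line are constructed for illustration; the module name mypol and the uux denial are taken from this report.

```python
import re
from collections import defaultdict

# Denial copied from the report above (setroubleshoot "Raw Audit Messages" form).
REPORTED = (
    "avc: denied { read write } for comm=uux dev=anon_inodefs egid=14 euid=10 "
    "exe=/usr/bin/uux exit=0 fsgid=14 fsuid=10 gid=14 items=0 "
    "path=anon_inode:[eventpoll] pid=8519 scontext=system_u:system_r:uux_t:s0 "
    "sgid=14 subj=system_u:system_r:uux_t:s0 suid=10 tclass=file "
    "tcontext=system_u:object_r:anon_inodefs_t:s0 tty=(none) uid=10")
# Constructed audit.log line for an unrelated domain, as a shared log would hold.
UNRELATED = (
    'type=AVC msg=audit(1203502665.123:42): avc:  denied  { getattr } for  '
    'pid=900 comm="httpd" path="/srv/x" scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:default_t:s0 tclass=dir')

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) or None.
    A context is user:role:type[:mls], so the type is the third field."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    try:
        return (fields["scontext"].split(":")[2],
                fields["tcontext"].split(":")[2],
                fields["tclass"], set(m.group(1).split()))
    except (KeyError, IndexError):
        return None

def te_module(name, lines, source_type):
    """Build .te source covering only denials whose source domain matches."""
    merged = defaultdict(set)
    for line in lines:
        parsed = parse_avc(line)
        if parsed and parsed[0] == source_type:
            merged[parsed[:3]] |= parsed[3]
    classes = defaultdict(set)
    for (_, _, c), p in merged.items():
        classes[c] |= p
    types = sorted({x for s, t, _ in merged for x in (s, t)})
    out = [f"module {name} 1.0;", "", "require {"] + [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())] + ["}", ""]
    out += [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};" for (s, t, c), p in sorted(merged.items())]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(te_module("mypol", [REPORTED, UNRELATED], "uux_t"))
```

The generated text can be saved as mypol.te and reviewed before it is compiled with checkmodule and semodule_package and loaded with semodule -i.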
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.