Description of problem: Souhrn: SELinux is preventing bitlbee (bitlbee_t) "read" to ./localtime (locale_t). Podrobný popis: SELinux denied access requested by bitlbee. It is not expected that this access is required by bitlbee and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Povolení přístupu: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./localtime, restorecon -v './localtime' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Další informace: Kontext zdroje system_u:system_r:bitlbee_t:SystemLow-SystemHigh Kontext cíle system_u:object_r:locale_t Objekty cíle ./localtime [ file ] Zdroj bitlbee Cesta zdroje /usr/sbin/bitlbee Port <Neznámé> Počítač hubmaier.ceplovi.cz RPM balíčky zdroje bitlbee-1.1dev-1.bzr290.1.fc9 RPM balíčky cíle RPM politiky selinux-policy-3.3.1-9.fc9 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Enforcing Název zásuvného modulu catchall_file Název počítače hubmaier.ceplovi.cz Platforma Linux hubmaier.ceplovi.cz 2.6.25-0.81.rc3.git2.fc9 #1 SMP Sun Mar 2 01:04:02 EST 2008 x86_64 x86_64 Počet uporoznění 12 Poprvé viděno Po 3. březen 2008, 16:03:16 CET Naposledy viděno Po 3. březen 2008, 16:24:15 CET Místní ID a77b174e-3dc5-479a-985b-c04232ddbc3f Čísla řádků Původní zprávy auditu host=hubmaier.ceplovi.cz type=AVC msg=audit(1204557855.170:493): avc: denied { read } for pid=17482 comm="bitlbee" name="localtime" dev=dm-1 ino=949395 scontext=system_u:system_r:bitlbee_t:s0-s0:c0.c1023 tcontext=system_u:object_r:locale_t:s0 tclass=file host=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1204557855.170:493): arch=c000003e syscall=2 success=no exit=-13 a0=3d3b3386fd a1=0 a2=1b6 a3=7ff6e0327780 items=0 ppid=2497 pid=17482 auid=4294967295 uid=100 gid=106 euid=100 suid=100 fsuid=100 egid=106 sgid=106 fsgid=106 tty=(none) ses=4294967295 comm="bitlbee" exe="/usr/sbin/bitlbee" subj=system_u:system_r:bitlbee_t:s0-s0:c0.c1023 key=(null) Version-Release number of selected component (if applicable): bitlbee-1.1dev-1.bzr290.1.fc9.x86_64 selinux-policy-targeted-3.3.1-9.fc9.noarch
Fixed in selinux-policy-3.3.1-10.fc9
bitlbee-1.1dev-1.bzr290.1.fc9 is not in Rawhide thus unsupported.
1.1 is unstable, it can change its behaviour at any time. Does the same thing appear with 1.0 branch as well?
Well this access is allowed in almost every confined domain, so whether or not the current release needs it, I am sure future releases will.