sorry if any of the below info is not needed. I am a Linux newbie. for convenience, I have placed stars ****** between groups of copied text of multiple messages pertaining to the selinux errors, as they all apply to the Package Kit. I thought this would be easier for you rather than filing a ton of separate bug reports. SELinux denied access requested by /usr/sbin/packagekitd. It is not expected that this access is required by /usr/sbin/packagekitd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing AccessSometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /var/lib/PackageKit/transactions.db, restorecon -v /var/lib/PackageKit/transactions.db If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Additional InformationSource Context: system_u:system_r:system_dbusd_t:s0Target Context: system_u:object_r:var_lib_t:s0Target Objects: /var/lib/PackageKit/transactions.db [ file ] Affected RPM Packages: PackageKit-0.1.9-1.fc9 [application]PackageKit-0.1.9-1.fc9 [target]Policy RPM: selinux-policy-3.0.8-44.fc8Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: PermissivePlugin Name: plugins.catchall_fileHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:55:12 EDT 2007 i686 athlonAlert Count: 2 First Seen: Sun 16 Mar 2008 01:51:12 PM EDT Last Seen: Mon 17 Mar 2008 07:15:39 AM EDT Local ID: 91e3152f-8edd-402e-9c49-68353f68202d Line Numbers: Raw Audit Messages :avc: denied { getattr } for comm=packagekitd dev=sda2 egid=0 euid=0 exe=/usr/sbin/packagekitd exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/var/lib/PackageKit/transactions.db pid=15836 scontext=system_u:system_r:system_dbusd_t:s0 sgid=0 subj=system_u:system_r:system_dbusd_t:s0 suid=0 tclass=file tcontext=system_u:object_r:var_lib_t:s0 tty=(none) uid=0 **************************** Source Context: system_u:system_r:system_dbusd_t:s0Target Context: system_u:object_r:inotifyfs_t:s0Target Objects: None [ dir ]Affected RPM Packages: PackageKit-0.1.9-1.fc9 [application]Policy RPM: selinux-policy-3.0.8-44.fc8Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: PermissivePlugin Name: plugins.catchall_fileHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:55:12 EDT 2007 i686 athlonAlert Count: 3First Seen: Sun 16 Mar 2008 01:51:12 PM EDTLast Seen: Mon 17 Mar 2008 07:32:47 AM EDTLocal ID: abe2b53a-be68-4a3d-b6ed-0fbfa32205b2Line Numbers: Raw Audit Messages :avc: denied { getattr } for comm=packagekitd dev=inotifyfs egid=0 euid=0 exe=/usr/sbin/packagekitd exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=inotify pid=16058 scontext=system_u:system_r:system_dbusd_t:s0 sgid=0 subj=system_u:system_r:system_dbusd_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:inotifyfs_t:s0 tty=(none) uid=0 ********************** Raw Audit Messages :avc: denied { getsched } for comm=packagekitd egid=0 euid=0 exe=/usr/sbin/packagekitd exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=15962 scontext=system_u:system_r:system_dbusd_t:s0 sgid=0 subj=system_u:system_r:system_dbusd_t:s0 suid=0 tclass=process tcontext=system_u:system_r:system_dbusd_t:s0 tty=(none) uid=0 ******************
It looks like these rules just need to be added to the pk selinux rules. Dan, is this enough information for you to add the rules?
You have a fedora 8 policy installed in Rawhide. You need to upgrade your policy yum upgrade selinux-policy-targeted