Description of problem:
I'm getting the following violation when trying to start the tor daemon in rawhide.

Summary:

SELinux is preventing tor (tor_t) "setgid" to <Unknown> (tor_t).

Detailed Description:

SELinux denied access requested by tor. It is not expected that this access is required by tor and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                unconfined_u:system_r:tor_t:s0
Target Context                unconfined_u:system_r:tor_t:s0
Target Objects                None [ capability ]
Source                        tor
Source Path                   /usr/bin/tor
Port                          <Unknown>
Host                          x300
Source RPM Packages           tor-core-0.1.2.19-1.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-35.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     x300
Platform                      Linux x300 2.6.25-1.fc9.x86_64 #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Fri 25 Apr 2008 01:33:02 PM EDT
Last Seen                     Fri 25 Apr 2008 01:33:02 PM EDT
Local ID                      dd9f4de3-6683-4ce8-9542-d3a9df5c7896
Line Numbers

Raw Audit Messages

host=x300 type=AVC msg=audit(1209144782.512:273): avc: denied { setgid } for pid=13350 comm="tor" capability=6 scontext=unconfined_u:system_r:tor_t:s0 tcontext=unconfined_u:system_r:tor_t:s0 tclass=capability

host=x300 type=SYSCALL msg=audit(1209144782.512:273): arch=c000003e syscall=116 success=no exit=-1 a0=0 a1=0 a2=1300db0 a3=7fffd6516900 items=0 ppid=13349 pid=13350 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="tor" exe="/usr/bin/tor" subj=unconfined_u:system_r:tor_t:s0 key=(null)

Version-Release number of selected component (if applicable):
tor-0.1.2.19-1.fc9.x86_64
selinux-policy-3.3.1-35.fc9.noarch

Fixed in selinux-policy-3.3.1-42.fc9.noarch