Description of problem: Summary: SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./pdftex (var_lib_t). Detailed Description: SELinux denied access requested by tmpwatch. It is not expected that this access is required by tmpwatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./pdftex, restorecon -v './pdftex' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:tmpreaper_t:s0 Target Context system_u:object_r:var_lib_t:s0 Target Objects ./pdftex [ dir ] Source tmpwatch Source Path /usr/sbin/tmpwatch Port <Unknown> Host localhost.localdomain Source RPM Packages tmpwatch-2.9.13-2 Target RPM Packages Policy RPM selinux-policy-3.3.1-42.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.25-8.fc9.x86_64 #1 SMP Wed Apr 23 03:20:41 EDT 2008 x86_64 x86_64 Alert Count 4 First Seen Sat 26 Apr 2008 07:35:43 PM CDT Last Seen Wed 30 Apr 2008 07:53:27 PM CDT Local ID 724f3df5-9957-43c1-bbc2-bb0782ff64e7 Line Numbers Raw Audit Messages host=localhost.localdomain type=AVC msg=audit(1209603207.390:25): avc: denied { setattr } for pid=7964 comm="tmpwatch" name="pdftex" dev=dm-2 ino=1687637 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir host=localhost.localdomain type=SYSCALL msg=audit(1209603207.390:25): arch=c000003e syscall=132 success=no exit=-13 a0=4030ba a1=7fffbb3df940 a2=33ef167a60 a3=33ef167a58 items=0 ppid=7962 pid=7964 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null) Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. This happens daily on my x86_64 F9 preview + updates box 2. 3. Actual results: Expected results: no setroubleshoot reports Additional info: I think when the man pages /documents are being made as a cronjob, this directory gets made in /tmp/pdftex, which tmpwatch is denied permission to look in, while looking for files to clean up.
i saw three of these all related to tmpwatch with today's rawhide 20080430... system is reinstalling so I don't have AVCs handy
These are caused by texlive-texmf not handling labelling correctly. restorecon -R -v /var/lib will fix texlive-texmf needs to fix the labels in its post install.
*** This bug has been marked as a duplicate of 444922 ***