Description of problem:
Installing today's updates. Fedora 8 system on i686 box. New versions of selinux drove semanager wild, 32 denials shown by selinuxtroubleshooter

Version-Release number of selected component (if applicable):
See below, snipped from the troubleshooter's screen.

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
from setroubleshooter's screen:

Source Context: system_u:system_r:semanage_t:s0
Target Context: system_u:system_r:semanage_t:s0
Target Objects: None [ capability ]
Source: semanage
Source Path: /usr/bin/python
Port: <Unknown>
Host: coyote.coyote.den
Source RPM Packages: python-2.5.1-15.fc8
Target RPM Packages:
Policy RPM: selinux-policy-3.0.8-109.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: coyote.coyote.den
Platform: Linux coyote.coyote.den 2.6.26-rc4 #1 PREEMPT Mon May 26 16:26:36 EDT 2008 i686 athlon
Alert Count: 35
First Seen: Thu 03 Apr 2008 07:25:10 PM EDT
Last Seen: Wed 04 Jun 2008 03:41:09 PM EDT
Local ID: 392eafd9-66b9-48a6-8522-1660a81ce85e
Line Numbers:

Raw Audit Messages:

host=coyote.coyote.den type=AVC msg=audit(1212608469.430:3233): avc: denied { sys_tty_config } for pid=29804 comm="semanage" capability=26 scontext=system_u:system_r:semanage_t:s0 tcontext=system_u:system_r:semanage_t:s0 tclass=capability

host=coyote.coyote.den type=SYSCALL msg=audit(1212608469.430:3233): arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bf86d45c a3=bf86d57c items=0 ppid=29800 pid=29804 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="semanage" exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)

So I don't know if selinux is working after the upgrade or not. In any event, I am well protected by the router from outside attacks.
You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-75.fc9.noarch
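A module built from the whole audit log grants every denial recorded there, so it is worth seeing which allow rules the AVC records turn into before loading it. The following is an added example, not part of the original bug comments and not audit2allow's own code: it parses AVC records and returns the equivalent rules. The second log line and the type example_t are constructed for illustration.

```python
import re
from collections import defaultdict

# First record: the AVC denial quoted in this report.
# Second record: constructed sample (example_t is a hypothetical type).
SAMPLE_LOG = """\
host=coyote.coyote.den type=AVC msg=audit(1212608469.430:3233): avc: denied { sys_tty_config } for pid=29804 comm="semanage" capability=26 scontext=system_u:system_r:semanage_t:s0 tcontext=system_u:system_r:semanage_t:s0 tclass=capability
host=coyote.coyote.den type=AVC msg=audit(1212608470.000:3234): avc: denied { read write } for pid=29804 comm="semanage" name="example" scontext=system_u:system_r:semanage_t:s0 tcontext=system_u:object_r:example_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def denied_rules(log_text):
    """Return the sorted allow rules that would cover every AVC denial in log_text."""
    grants = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no permission set
        # A context is user:role:type[:level]; the rule is written on the type.
        src = m["scontext"].split(":")[2]
        tgt = m["tcontext"].split(":")[2]
        if tgt == src:
            tgt = "self"  # same source and target type is written as "self"
        grants[(src, tgt, m["tclass"])].update(m["perms"].split())

    rules = []
    for (src, tgt, tclass), perms in sorted(grants.items()):
        perms = sorted(perms)
        perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules


if __name__ == "__main__":
    for rule in denied_rules(SAMPLE_LOG):
        print(rule)
```

Any rule in the output that does not belong to the problem being worked around is a reason to trim the input before building the module.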
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.