Summary: SELinux is preventing updatedb (locate_t) "getattr" to /home/rodd/.vmware (unlabeled_t). Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /home/rodd/.vmware, restorecon -v '/home/rodd/.vmware' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:locate_t:s0 Target Context system_u:object_r:unlabeled_t:s0 Target Objects /home/rodd/.vmware [ dir ] Source updatedb Source Path /usr/bin/updatedb Port <Unknown> Host localhost.localdomain Source RPM Packages mlocate-0.20-1 Target RPM Packages Policy RPM selinux-policy-3.3.1-62.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall_file Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.25.4-30.fc9.i686 #1 SMP Wed May 21 18:12:35 EDT 2008 i686 i686 Alert Count 3 First Seen Wed 28 May 2008 08:18:25 PM EST Last Seen Mon 09 Jun 2008 01:33:20 PM EST Local ID 4f2c26ec-310c-455f-bf65-d78ad901c1a8 Line Numbers Raw Audit Messages host=localhost.localdomain type=AVC msg=audit(1212982400.660:59): avc: denied { getattr } for pid=8869 comm="updatedb" path="/home/rodd/.vmware" dev=sda6 ino=6933328 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir host=localhost.localdomain type=SYSCALL msg=audit(1212982400.660:59): arch=40000003 syscall=196 success=yes exit=0 a0=93091b5 a1=bf8e57c8 a2=507ff4 a3=bf8e5948 items=0 ppid=8863 pid=8869 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
restorecon -R -v ~/ Should fix. Not sure how it got mislabeled.