Summary: Summary: SELinux is preventing nm-system-setti (NetworkManager_t) "getattr" to /dev/root (fixed_disk_device_t). Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by nm-system-setti. It is not expected that this access is required by nm-system-setti and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /dev/root, restorecon -v '/dev/root' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:NetworkManager_t:SystemLow- SystemHigh Target Context system_u:object_r:fixed_disk_device_t Target Objects /dev/root [ blk_file ] Source nm-system-setti Source Path /usr/sbin/nm-system-settings Port <Unknown> Host core2.localdomain Source RPM Packages NetworkManager-0.7.0-0.9.4.svn3675.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-64.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall_file Host Name core2.localdomain Platform Linux core2.localdomain 2.6.25.6-55.fc9.i686 #1 SMP Tue Jun 10 16:27:49 EDT 2008 i686 i686 Alert Count 3 First Seen Sun 15 Jun 2008 09:13:23 AM EST Last Seen Mon 16 Jun 2008 10:09:12 AM EST Local ID 54e30550-9e1a-4446-aba4-75bf031c51fd Line Numbers Raw Audit Messages host=core2.localdomain type=AVC msg=audit(1213574952.149:13): avc: denied { getattr } for pid=3870 comm="nm-system-setti" path="/dev/root" dev=tmpfs ino=349 scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file host=core2.localdomain type=SYSCALL msg=audit(1213574952.149:13): arch=40000003 syscall=195 success=yes exit=0 a0=79b467d a1=bfc7d5ec a2=5aaff4 a3=79b467d items=0 ppid=1 pid=3870 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-system-setti" exe="/usr/sbin/nm-system-settings" subj=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 key=(null)
Fixed in selinux-policy-3.3.1-67
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.