Souhrn:

SELinux is preventing tmpwatch (tmpreaper_t) "getattr" to /tmp/Xorg.0.log.old (xserver_log_t).

Podrobný popis:

SELinux denied access requested by tmpwatch. It is not expected that this access is required by tmpwatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Povolení přístupu:

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /tmp/Xorg.0.log.old,

restorecon -v '/tmp/Xorg.0.log.old'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Další informace:

Kontext zdroje                system_u:system_r:tmpreaper_t
Kontext cíle                  system_u:object_r:xserver_log_t
Objekty cíle                  /tmp/Xorg.0.log.old [ file ]
Zdroj                         tmpwatch
Cesta zdroje                  /usr/sbin/tmpwatch
Port                          <Neznámé>
Počítač                       viklef
RPM balíčky zdroje            tmpwatch-2.9.13-2
RPM balíčky cíle
RPM politiky                  selinux-policy-3.3.1-79.fc9
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim              Enforcing
Název zásuvného modulu        catchall_file
Název počítače                viklef
Platforma                     Linux viklef 2.6.25.11-97.fc9.i686 #1 SMP Mon Jul 21 01:31:09 EDT 2008 i686 i686
Počet upozornění              1
Poprvé viděno                 Čt 31. červenec 2008, 11:09:40 CEST
Naposledy viděno              Čt 31. červenec 2008, 11:09:40 CEST
Místní ID                     1802c013-062e-4e2c-b451-1f64ec63e44c
Čísla řádků

Původní zprávy auditu

host=viklef type=AVC msg=audit(1217495380.792:418): avc: denied { getattr } for pid=14422 comm="tmpwatch" path="/tmp/Xorg.0.log.old" dev=tmpfs ino=54243 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:xserver_log_t:s0 tclass=file

host=viklef type=SYSCALL msg=audit(1217495380.792:418): arch=40000003 syscall=196 success=no exit=-13 a0=96bf273 a1=bfbfef54 a2=2eeff4 a3=96bf273 items=0 ppid=14420 pid=14422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)

My current audit.log is in the attachment 313259
Thanks for your report. This can't be fixed in tmpwatch. I just wonder why Xorg.0.log is in /tmp; using gdm, I have it in /var/log. Are you perhaps using startx?
Shut, this is stupid, of course. Just copied those log files to /tmp to chown them etc. before posting to the web (to communicate with our guys, why something doesn't work). This is quite certainly NOTABUG.
You copied them while preserving the context, or moved them to this directory. The problem here is that tmpreaper is not able to remove files placed in tmp with an unexpected context. So you can change the context of these files, or we can remove the confinement of tmpwatch (tmpreaper_t).

I will remove the confinement of tmpreaper.

Fixed in selinux-policy-3.3.1-84.fc9
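Added example, not part of the original bug thread: a small Python triage of the two audit records quoted in the report, showing how to tell a labeling problem of the kind described above from a denial that needs a policy change. The function names and the rule "a file under /tmp whose type does not end in tmp_t was moved or copied there with its context preserved" are assumptions of this example, not setroubleshoot logic.

```python
import errno
import re
import shlex

# The two audit records from the report above, copied verbatim.
SAMPLE = [
    'host=viklef type=AVC msg=audit(1217495380.792:418): avc: denied { getattr } for pid=14422 comm="tmpwatch" path="/tmp/Xorg.0.log.old" dev=tmpfs ino=54243 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:xserver_log_t:s0 tclass=file',
    'host=viklef type=SYSCALL msg=audit(1217495380.792:418): arch=40000003 syscall=196 success=no exit=-13 a0=96bf273 a1=bfbfef54 a2=2eeff4 a3=96bf273 items=0 ppid=14420 pid=14422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)',
]

EVENT_ID = re.compile(r'msg=audit\((\d+\.\d+:\d+)\)')
KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')

def parse_events(lines):
    """Merge AVC and SYSCALL records that share one audit event id."""
    events = {}
    for line in lines:
        match = EVENT_ID.search(line)
        if not match:
            continue
        event = events.setdefault(match.group(1), {})
        for key, value in KEY_VALUE.findall(line):
            event.setdefault(key, value.strip('"'))  # first record wins
        perms = PERMS.search(line)
        if perms:
            event['perms'] = perms.group(1).split()
    return events

def triage(event):
    """Summarise one denial and say whether it looks like a mislabeled file."""
    source = event['scontext'].split(':')[2]
    target = event['tcontext'].split(':')[2]
    path = event.get('path', '')
    # Heuristic (assumption of this example): files created in /tmp carry a
    # type ending in tmp_t; any other type there points to a moved file or a
    # copy that preserved the original context.
    foreign = path.startswith(('/tmp/', '/var/tmp/')) and not target.endswith('tmp_t')
    return {
        'source': source, 'target': target, 'class': event.get('tclass'),
        'perms': event.get('perms', []), 'path': path,
        'errno': errno.errorcode.get(-int(event.get('exit', '0'))),
        'action': 'restorecon -v ' + shlex.quote(path) if foreign else 'review policy',
    }

if __name__ == '__main__':
    for event_id, event in parse_events(SAMPLE).items():
        print(event_id, triage(event))
```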