Description of problem:
I'm only seeing this on the F10 machine I upgraded via yum, so something may be out of whack here too. Getting this every time sadc runs:
    Jan 16 08:30:02 saga kernel: type=1400 audit(0.000:41693): avc: denied { read } for pid=19616 comm="sadc" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
Version-Release number of selected component (if applicable):
    selinux-policy-3.5.13-38.fc10.noarch
    kernel-2.6.27.9-159.fc10.i686
Orion, probably you need to update selinux-policy-targeted too. My version of policy:
    # rpm -q selinux-policy-targeted selinux-policy
    selinux-policy-targeted-3.5.13-38.fc10.noarch
    selinux-policy-3.5.13-38.fc10.noarch
Orion, try
    yum reinstall selinux-policy-targeted
And see if this adds the rule.
    # rpm -q selinux-policy-targeted
    selinux-policy-targeted-3.5.13-38.fc10.noarch
    # sesearch --allow -s sysstat_t -t inotifyfs_t
    WARNING: This policy contained disabled aliases; they have been removed.
    Found 1 semantic av rules:
       allow sysstat_t inotifyfs_t : dir { ioctl read getattr lock search } ;
Thanks, I think that will clean a bunch of things up. Didn't know about yum reinstall.
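Added example (not part of the original bug comments): the sesearch check suggested above, as a script that parses the AVC denial and reports whether the allow rules cover every denied permission. The function names are hypothetical, the denial and sesearch output are the ones quoted in the thread, and the parser assumes the brace-set rule format shown there and literal type names (no attribute expansion).

```shell
#!/bin/sh
# Added example: compare an AVC denial with `sesearch --allow` output.
# Inputs below are the denial and rule quoted in the thread, embedded to run offline.
AVC='Jan 16 08:30:02 saga kernel: type=1400 audit(0.000:41693): avc: denied { read } for pid=19616 comm="sadc" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir'
RULES='Found 1 semantic av rules:
   allow sysstat_t inotifyfs_t : dir { ioctl read getattr lock search } ;'

# avc_field LINE KEY: print the value of " KEY=value" from an AVC message.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"
}

# avc_type LINE KEY: print the type (third field) of scontext or tcontext.
avc_type() {
    avc_field "$1" "$2" | cut -d: -f3
}

# avc_perms LINE: print the denied permissions from the "{ ... }" set.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*\)}.*/\1/p'
}

# allowed_perms RULES SRC TGT CLASS: print permissions of matching allow rules.
# Assumption: rules name the types literally and use a "{ ... }" permission set.
allowed_perms() {
    printf '%s\n' "$1" |
        sed -n "s/^ *allow  *$2  *$3 *: *$4 *{ *\([^}]*\)}.*/\1/p"
}

# denial_status AVC RULES: print "covered" if every denied permission appears
# in a matching allow rule, otherwise "missing: <perms>".
denial_status() {
    src=$(avc_type "$1" scontext); tgt=$(avc_type "$1" tcontext)
    cls=$(avc_field "$1" tclass)
    have=" $(allowed_perms "$2" "$src" "$tgt" "$cls" | tr '\n' ' ') "
    missing=""
    for p in $(avc_perms "$1"); do
        case "$have" in
            *" $p "*) ;;                    # permission granted by a rule
            *) missing="$missing $p" ;;     # still denied by loaded policy
        esac
    done
    [ -z "$missing" ] && echo covered || echo "missing:$missing"
}

denial_status "$AVC" "$RULES"
```

On a live system the second argument would be the output of the sesearch command from the thread, so "missing" after a reinstall means the installed policy still lacks the rule.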