Description of problem:
This is a xen guest.
type=1400 audit(1234799964.375:4): avc: denied { sys_tty_config } for pid=1106 comm="sa1" capability=26 scontext=system_u:system_r:sysstat_t:s0 tcontext=system_u:system_r:sysstat_t:s0 tclass=capability
type=1400 audit(1234799968.846:5): avc: denied { read write } for pid=1272 comm="console-kit-dae" path="socket:[5692]" dev=sockfs ino=5692 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=tcp_socket
type=1400 audit(1234799972.086:6): avc: denied { read write } for pid=1412 comm="wpa_supplicant" path="socket:[5692]" dev=sockfs ino=5692 scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=tcp_socket
type=1400 audit(1234799972.149:7): avc: denied { read write } for pid=1414 comm="nm-system-setti" path="socket:[5692]" dev=sockfs ino=5692 scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=tcp_socket
Version-Release number of selected component (if applicable):
selinux-policy-3.6.5-3.fc11.noarch
Looks like dbus is leaking an open file descriptor. Do you use ldap for passwd/usernames?
The two tcp_socket avc's are leaked file descriptors.
allow sysstat_t self:capability sys_tty_config;
Fixed in selinux-policy-3.6.6-1.fc11
Yes, I use ldap. Need to reassign to dbus?
Nope this is a nss_ldap problem, that is supposed to be fixed.
(In reply to comment #3)
> Nope this is a nss_ldap problem, that is supposed to be fixed.
Which version of that package is installed?
nss_ldap-264-1.fc11.x86_64
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Does the update at https://admin.fedoraproject.org/updates/F11/FEDORA-2009-8564 resolve this?
Yes, and all other avc denials are gone as well.