Description of problem:
SELinux denied access requested by chcon. It is not expected that this access is required by chcon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Version-Release number of selected component (if applicable):

How reproducible:
Not sure, probably every time.

Steps to Reproduce:
1. I was running a yum update with updates-testing enabled
2.
3.

Actual results:
Lots of SELinux denials (yellow stars)

Expected results:
No denials.

Additional info:
It's formatted in the SETroubleshooter output, not sure what happens when I paste it.

Source Context: unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
Target Context: unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
Target Objects: None [ capability2 ]
Source: chcon
Source Path: /usr/bin/chcon
Port: <Unknown>
Host: fedora10.sata1
Source RPM Packages: coreutils-6.12-18.fc10
Target RPM Packages:
Policy RPM: selinux-policy-3.5.13-45.fc10
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: fedora10.sata1
Platform: Linux fedora10.sata1 2.6.27.15-170.2.24.fc10.x86_64 #1 SMP Wed Feb 11 23:14:31 EST 2009 x86_64 x86_64
Alert Count: 200
First Seen: Fri 13 Feb 2009 12:48:32 PM MST
Last Seen: Thu 19 Feb 2009 11:31:13 AM MST
Local ID: e7133d74-d5cb-4d55-b2c2-6799a36512a9
Line Numbers:

Raw Audit Messages:

node=fedora10.sata1 type=AVC msg=audit(1235068273.927:93233): avc: denied { mac_admin } for pid=1211 comm="chcon" capability=33 scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=capability2

node=fedora10.sata1 type=SYSCALL msg=audit(1235068273.927:93233): arch=c000003e syscall=189 success=no exit=-22 a0=12f3670 a1=3aaba146f9 a2=12f3570 a3=20 items=0 ppid=1210 pid=1211 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty4 ses=376 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
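A triage sketch for the raw audit messages in the report above, added here as an example and not part of the original report or of any SELinux tool: it joins the AVC and SYSCALL records by audit serial number and flags label writes that needed mac_admin and failed with EINVAL (-22), which is what the kernel returns when a process without mac_admin tries to set a context the loaded policy does not define. The function names and the small x86_64 syscall table are assumptions of this example.

```python
import re

# The two raw audit records from the report above, one record per line.
SAMPLE = """\
node=fedora10.sata1 type=AVC msg=audit(1235068273.927:93233): avc: denied { mac_admin } for pid=1211 comm="chcon" capability=33 scontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=capability2
node=fedora10.sata1 type=SYSCALL msg=audit(1235068273.927:93233): arch=c000003e syscall=189 success=no exit=-22 a0=12f3670 a1=3aaba146f9 a2=12f3570 a3=20 items=0 ppid=1210 pid=1211 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty4 ses=376 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: only the x86_64 (arch=c000003e) xattr-setting syscalls are mapped.
XATTR_SYSCALLS = {("c000003e", "188"): "setxattr",
                  ("c000003e", "189"): "lsetxattr",
                  ("c000003e", "190"): "fsetxattr"}


def parse_events(text):
    """Merge the AVC and SYSCALL records that share an audit serial number."""
    events = {}
    for line in text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue  # not a raw audit record
        rtype, serial = head.group(1), int(head.group(2))
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        ev = events.setdefault(serial, {"perms": []})
        if rtype == "AVC":
            denied = DENIED.search(line)
            ev["perms"] = denied.group(1).split() if denied else []
            ev.update({k: fields.get(k) for k in ("comm", "scontext", "tclass")})
        elif rtype == "SYSCALL":
            key = (fields.get("arch"), fields.get("syscall"))
            ev["syscall"] = XATTR_SYSCALLS.get(key, fields.get("syscall"))
            ev["exe"] = fields.get("exe")
            ev["exit"] = int(fields.get("exit", "0"))  # raw (numeric) form only
    return events


def invalid_label_attempts(events):
    """(serial, source domain, exe, syscall) where mac_admin was denied and exit is EINVAL."""
    return [(s, e["scontext"].split(":")[2], e.get("exe"), e.get("syscall"))
            for s, e in sorted(events.items())
            if "mac_admin" in e["perms"] and e.get("exit") == -22]


if __name__ == "__main__":
    for hit in invalid_label_attempts(parse_events(SAMPLE)):
        print(hit)
```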
Do you have any idea which program was being updated when you saw this AVC? Could you execute the following:

rpm -qa --scripts | grep chcon
I don't have an answer for your question. If it happens again, I'll make note of the currently occurring update. In the meantime, here is the result of the command you requested.

$ rpm -qa --scripts | grep chcon
/usr/bin/chcon "$SECXT" /var/log/lastlog >/dev/null 2>&1
/usr/bin/chcon -R system_u:object_r:squid_cache_t /var/squidGuard >/dev/null 2>&1
/usr/bin/chcon -R system_u:object_r:squid_log_t /var/log/squidGuard >/dev/null 2>&1
chcon -t texrel_shlib_t /usr/lib64/libannodex.so.*
*** This bug has been marked as a duplicate of bug 486634 ***
stanl, I found what is causing this and opened a bug with squidGuard to fix it.