Description of problem: SELinux is preventing avahi-daemon (avahi_t) "read write" unconfined_t. Version-Release number of selected component (if applicable): avahi-0.6.24-2.fc11.i586 How reproducible: always Steps to Reproduce: 1.open xterm, and su - 2.service avahi-daemon status 3. Actual results: avc Expected results: no avc Additional info: Summary: SELinux is preventing avahi-daemon (avahi_t) "read write" unconfined_t. Detailed Description: SELinux denied access requested by avahi-daemon. It is not expected that this access is required by avahi-daemon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:system_r:avahi_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0 Target Objects socket [ unix_stream_socket ] Source avahi-daemon Source Path /usr/sbin/avahi-daemon Port <Unknown> Host walnut Source RPM Packages avahi-0.6.24-2.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.8-3.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name walnut Platform Linux walnut 2.6.29-0.237.rc7.git4.fc11.i586 #1 SMP Wed Mar 11 18:55:21 EDT 2009 i686 i686 Alert Count 4 First Seen Sun 15 Mar 2009 06:04:58 PM CDT Last Seen Sun 15 Mar 2009 07:28:20 PM CDT Local ID b3048bf5-1b9b-4367-b7fc-01f87c911afd Line Numbers Raw Audit Messages node=walnut type=AVC msg=audit(1237163300.876:135): avc: denied { read write } for pid=3291 comm="avahi-daemon" path="socket:[12796]" dev=sockfs ino=12796 scontext=unconfined_u:system_r:avahi_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket node=walnut type=AVC msg=audit(1237163300.876:135): avc: denied { read write } for pid=3291 comm="avahi-daemon" path="socket:[12810]" dev=sockfs ino=12810 scontext=unconfined_u:system_r:avahi_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket node=walnut type=SYSCALL msg=audit(1237163300.876:135): arch=40000003 syscall=11 success=yes exit=0 a0=833a620 a1=833a720 a2=833a730 a3=833a720 items=0 ppid=3288 pid=3291 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="avahi-daemon" exe="/usr/sbin/avahi-daemon" subj=unconfined_u:system_r:avahi_t:s0 key=(null)
When did this happen? Were you logged in on a Konsole and did a service avahi restart? Did you restart avahi using some GUI? Did it happen after a yum upgrade on a konsole terminal?
*** Bug 490388 has been marked as a duplicate of this bug. ***
(In reply to comment #1) > When did this happen? Were you logged in on a Konsole and did a service avahi > restart? I opened an xterm window, "su -", then "service avahi-daemon status". > Did you restart avahi using some GUI? > Did it happen after a yum upgrade on a konsole terminal? Prior to running the commands above, I had yum erase'd the avahi-qt3 package. Now, with avahi-qt3 installed, "service avahi-daemon status" does not avc. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Well there is a leaked file descriptor somewhere that avahi is being handed, which is causing the AVC. Unless we can track it down to the terminal or a gui causing the problem, not much I can do to help. If you see this AVC check in your terminal so see if you have a leaked file descriptor. ls -l /proc/self/fd total 0 lr-x------. 1 root root 64 2009-03-17 13:59 0 -> /dev/pts/1 lrwx------. 1 root root 64 2009-03-17 13:59 1 -> /dev/pts/1 lrwx------. 1 root root 64 2009-03-17 13:59 2 -> /dev/pts/1 lr-x------. 1 root root 64 2009-03-17 13:59 3 -> /proc/14709/fd This list shows the correct file descriptors. 0,1,2 using the terminal for stdin, stdout, and stderr. 3 is actually the ls command reading /proc/self/fd