Description of problem: I booted with the liveCD available for the nouveau testing: https://fedoraproject.org/wiki/QA/Test_Days/2009-03-26 with an HP Deskjet D2360 plugged into the computer. Even before I'd logged in (runlevel 3) I saw SELinux related denials: Summary: SELinux is preventing the python from using potentially mislabeled files (49cc2ecd1ce35). Detailed Description: SELinux has denied python access to potentially mislabeled file(s) (49cc2ecd1ce35). This means that SELinux will not allow python to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want python to access this files, you need to relabel them using restorecon -v '49cc2ecd1ce35'. You might want to relabel the entire directory using restorecon -R -v '<Unknown>'. Additional Information: Source Context system_u:system_r:cupsd_config_t:s0 Target Context system_u:object_r:tmp_t:s0 Target Objects 49cc2ecd1ce35 [ lnk_file ] Source python Source Path /usr/bin/python Port <Unknown> Host leaf Source RPM Packages python-2.6-5.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.8-3.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name leaf Platform Linux leaf 2.6.29-0.279.rc8.git6.fc11.i586 #1 SMP Mon Mar 23 10:42:51 EDT 2009 i686 i686 Alert Count 1 First Seen Thu 26 Mar 2009 09:41:33 PM EDT Last Seen Thu 26 Mar 2009 09:41:33 PM EDT Local ID a739eb0e-8038-4ff8-ac31-35269f4fd136 Line Numbers Raw Audit Messages node=leaf type=AVC msg=audit(1238118093.118:28444): avc: denied { create } for pid=3174 comm="python" name="49cc2ecd1ce35" scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=lnk_file node=leaf type=SYSCALL msg=audit(1238118093.118:28444): arch=40000003 syscall=83 success=no exit=-13 a0=bfe4ad5c a1=85de558 a2=750240 a3=85de558 items=0 ppid=1 pid=3174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:cupsd_config_t:s0 key=(null)
You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.10-3.fc11.noarch