Description of problem:
I got 40 AVC messages when trying to report a crash, all of this type:

node=worm.elk type=AVC msg=audit(1250757169.719:24465): avc: denied { rename } for pid=2114 comm="debuginfo-insta" name="from_repo.tmp" dev=dm-5 ino=157272 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file

You can't run that program from the initrc_t domain.

Version-Release number of selected component (if applicable):
abrt-0.0.7.1-1.fc12.x86_64

How reproducible:
Don't know.

Similarly, abrt is trying to do all sorts of things it can't do in the initrc_t domain:

node=worm.elk type=AVC msg=audit(1250757314.191:24466): avc: denied { add_name } for pid=1437 comm="abrt" name="abrt-db-journal" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
Any idea what this last message means? "Can't create 'abrt-db-journal' file" or something else?
IMHO, abrt-db-journal is created by sqlite3 during a SQL transaction.
The problem is that abrt is not running in an SELinux context that is allowed to write to directories with the rpm_var_lib_t SELinux file context label. Looks like abrt doesn't have any SELinux policy written at all?
cc-ing mgrepl, who sent us his abrt policy for testing
fixed by the newest selinux-policy in rawhide
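
Added example, not part of the original report and not code from abrt or selinux-policy: a small Python parser that groups the two AVC denials quoted in this report by source type, target type and object class, which shows that both commands were still running in initrc_t when they were denied. The function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# The two denials quoted in the report, copied verbatim.
SAMPLE_LOG = """\
node=worm.elk type=AVC msg=audit(1250757169.719:24465): avc: denied { rename } for pid=2114 comm="debuginfo-insta" name="from_repo.tmp" dev=dm-5 ino=157272 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file
node=worm.elk type=AVC msg=audit(1250757314.191:24466): avc: denied { add_name } for pid=1437 comm="abrt" name="abrt-db-journal" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def type_of(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one audit line; return a dict, or None if it is not a usable AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    src, tgt = type_of(rec.get("scontext", "")), type_of(rec.get("tcontext", ""))
    if not (src and tgt and "tclass" in rec):
        return None
    rec.update(perms=m.group("perms").split(), source_type=src, target_type=tgt)
    return rec


def summarize(log_text):
    """Group denials by (source type, target type, class) -> perms and comms."""
    out = defaultdict(lambda: {"perms": set(), "comms": set()})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        entry = out[(rec["source_type"], rec["target_type"], rec["tclass"])]
        entry["perms"].update(rec["perms"])
        entry["comms"].add(rec.get("comm", "?"))
    return dict(out)


def commands_by_domain(log_text):
    """Map each source domain to the sorted commands that were denied in it."""
    by_domain = defaultdict(set)
    for (src, _tgt, _cls), entry in summarize(log_text).items():
        by_domain[src] |= entry["comms"]
    return {d: sorted(c) for d, c in by_domain.items()}
```

A result where every denied command maps to initrc_t means the daemon never transitioned out of the generic init-script domain, so the denials are a policy gap rather than a file-labelling problem.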