The following was filed automatically by setroubleshoot: Summary: SELinux is preventing sedispatch "getcap" access on <Unknown>. Detailed Description: SELinux denied access requested by sedispatch. It is not expected that this access is required by sedispatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:audisp_t:s0 Target Context system_u:system_r:audisp_t:s0 Target Objects None [ process ] Source sedispatch Source Path /usr/sbin/sedispatch Port <Unknown> Host (removed) Source RPM Packages setroubleshoot-server-2.2.23-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.28-9.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31-0.190.rc8.fc12.i686.PAE #1 SMP Fri Aug 28 18:51:47 EDT 2009 i686 i686 Alert Count 1 First Seen Sun 30 Aug 2009 09:27:13 AM IDT Last Seen Sun 30 Aug 2009 09:27:13 AM IDT Local ID 1d171fa0-f11e-474d-9878-2479667cfb5f Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1251613633.956:18296): avc: denied { getcap } for pid=1270 comm="sedispatch" scontext=system_u:system_r:audisp_t:s0 tcontext=system_u:system_r:audisp_t:s0 tclass=process node=(removed) type=SYSCALL msg=audit(1251613633.956:18296): arch=40000003 syscall=184 success=no exit=-13 a0=b7f0e944 a1=b7f0e94c a2=721ff4 a3=b7f0e940 items=0 ppid=1267 pid=1270 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sedispatch" exe="/usr/sbin/sedispatch" subj=system_u:system_r:audisp_t:s0 key=(null) audit2allow suggests: #============= audisp_t ============== allow audisp_t self:process getcap;
Fixed in selinux-policy-3.6.29-1.fc12.noarch I am supprised this is not fixed in 28-9. Are you sure your update was successfull?