The following was filed automatically by setroubleshoot: Souhrn: SELinux is preventing the iconv from using potentially mislabeled files (/tmp/ccdmHmI6). Podrobný popis: SELinux has denied iconv access to potentially mislabeled file(s) (/tmp/ccdmHmI6). This means that SELinux will not allow iconv to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Povolení přístupu: If you want iconv to access this files, you need to relabel them using restorecon -v '/tmp/ccdmHmI6'. You might want to relabel the entire directory using restorecon -R -v '/tmp'. Další informace: Kontext zdroje unconfined_u:system_r:NetworkManager_t:s0 Kontext cíle unconfined_u:object_r:tmp_t:s0 Objekty cíle /tmp/ccdmHmI6 [ file ] Zdroj iconv Cesta zdroje /usr/bin/iconv Port <Neznámé> Počítač (removed) RPM balíčky zdroje glibc-common-2.10.90-15 RPM balíčky cíle RPM politiky selinux-policy-3.6.28-8.fc12 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Permissive Název zásuvného modulu home_tmp_bad_labels Název počítače (removed) Platforma Linux (removed) 2.6.31-0.174.rc7.git2.fc12.x86_64 #1 SMP Mon Aug 24 23:25:34 EDT 2009 x86_64 x86_64 Počet upozornění 1 Poprvé viděno Ne 30. srpen 2009, 08:59:10 CEST Naposledy viděno Ne 30. srpen 2009, 08:59:10 CEST Místní ID 32bd7808-644d-46a5-8fb4-e95f150d2795 Čísla řádků Původní zprávy auditu node=(removed) type=AVC msg=audit(1251615550.844:27822): avc: denied { ioctl } for pid=11218 comm="iconv" path="/tmp/ccdmHmI6" dev=tmpfs ino=1716131 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1251615550.844:27822): arch=c000003e syscall=16 success=no exit=-25 a0=1 a1=5401 a2=7fff516e5220 a3=20 items=0 ppid=11217 pid=11218 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="iconv" exe="/usr/bin/iconv" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null) audit2allow suggests: #============= NetworkManager_t ============== allow NetworkManager_t tmp_t:file ioctl;
What process created /tmp/ccdmHmi6?
Created attachment 359329 [details] screenshot of the issue Actually, I have no clue. I have to admit that I was more interested to find out whether sealert -s would work in the rare occasion when it seemed useful. I was preparing to file a bug against sealert (which I do now? ;-)) and tested how bad the issue is.
Try the latest setroubleshoot in rawhide, I spent some time cleaning up the code yesterday. Are you repeatedly seeing this error?
Dan, do you have any idea what creates this file?