The following was filed automatically by setroubleshoot:

Summary:

SELinux is preventing modprobe "write" access to a leaked file descriptor on /tmp/firstbootX.log

Detailed Description:

[modprobe has a permissive type (insmod_t). This access was not denied.]

SELinux denied access requested by the modprobe command. It looks like this is either a leaked descriptor or modprobe output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the /tmp/firstbootX.log. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)

Additional Information:

Source Context                system_u:system_r:insmod_t:s0
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /tmp/firstbootX.log [ file ]
Source                        modprobe
Source Path                   /sbin/modprobe
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           module-init-tools-3.9-2.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.30-2.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   leaks
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31-0.199.rc8.git2.fc12.x86_64 #1 SMP Wed Sep 2 20:54:49 EDT 2009 x86_64 x86_64
Alert Count                   2
First Seen                    Sat 05 Sep 2009 01:56:13 PM CEST
Last Seen                     Sat 05 Sep 2009 01:56:13 PM CEST
Local ID                      581fc942-f866-4bac-a0cb-7b97d5e0ab50
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1252151773.193:14): avc: denied { write } for pid=1226 comm="modprobe" path="/tmp/firstbootX.log" dev=dm-1 ino=73802 scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1252151773.193:14): avc: denied { read write } for pid=1226 comm="modprobe" path="socket:[9175]" dev=sockfs ino=9175 scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=unix_stream_socket

node=(removed) type=SYSCALL msg=audit(1252151773.193:14): arch=c000003e syscall=59 success=yes exit=0 a0=7fffd8322a90 a1=7fffd83209f0 a2=7fffd8323198 a3=7fffd8322810 items=0 ppid=1223 pid=1226 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty6 ses=4294967295 comm="modprobe" exe="/sbin/modprobe" subj=system_u:system_r:insmod_t:s0 key=(null)

audit2allow suggests:

#============= insmod_t ==============
allow insmod_t firstboot_t:unix_stream_socket { read write };
allow insmod_t tmp_t:file write;

First boot is leaking.
This will be fixed in the next build of firstboot. Thanks for the bug report.