The following was filed automatically by setroubleshoot: Souhrn: SELinux is preventing restorecon "read write" access to to a leaked file descriptor on socket Podrobný popis: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by the restorecon command. It looks like this is either a leaked descriptor or restorecon output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the socket. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. Povolení přístupu: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Další informace: Kontext zdroje system_u:system_r:setfiles_t:s0-s0:c0.c1023 Kontext cíle system_u:system_r:initrc_t:s0-s0:c0.c1023 Objekty cíle socket [ unix_dgram_socket ] Zdroj restorecon Cesta zdroje /sbin/setfiles Port <Neznámé> Počítač (removed) RPM balíčky zdroje policycoreutils-2.0.71-15.fc12 RPM balíčky cíle RPM politiky selinux-policy-3.6.30-4.fc12 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Permissive Název zásuvného modulu leaks Název počítače (removed) Platforma Linux (removed) 2.6.31-0.204.rc9.fc12.x86_64 #1 SMP Sat Sep 5 20:45:55 EDT 2009 x86_64 x86_64 Počet upozornění 1 Poprvé viděno Út 8. září 2009, 11:44:31 CEST Naposledy viděno Út 8. září 2009, 11:44:31 CEST Místní ID 8b4b5f9b-b43a-4099-af05-86a6856132be Čísla řádků Původní zprávy auditu node=(removed) type=AVC msg=audit(1252403071.267:747): avc: denied { read write } for pid=28863 comm="restorecon" path="socket:[2270591]" dev=sockfs ino=2270591 scontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0-s0:c0.c1023 tclass=unix_dgram_socket node=(removed) type=SYSCALL msg=audit(1252403071.267:747): arch=c000003e syscall=59 success=yes exit=0 a0=1fd98f0 a1=1fd8a90 a2=1fd8930 a3=8 items=0 ppid=28862 pid=28863 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/sbin/setfiles" subj=system_u:system_r:setfiles_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= setfiles_t ============== allow setfiles_t initrc_t:unix_dgram_socket { read write };
Any idea which app is execing restorecon? Could abrtd be doing this?
No idea, probably a good candidate for INSUFFICIENT_DATA, I am afraid.