The following was filed automatically by setroubleshoot:

Summary:

SELinux is preventing sssd_be "setattr" access on krb5cc_3267.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by sssd_be. It is not expected that this access
is required by sssd_be and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:system_r:sssd_t:s0
Target Context                unconfined_u:object_r:tmp_t:s0
Target Objects                krb5cc_3267 [ file ]
Source                        sssd_be
Source Path                   /usr/libexec/sssd/sssd_be
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           sssd-2009090901-0.fc11
Target RPM Packages
Policy RPM                    selinux-policy-3.6.30-5.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64
Alert Count                   2
First Seen                    Wed 09 Sep 2009 11:11:06 AM EDT
Last Seen                     Wed 09 Sep 2009 11:15:10 AM EDT
Local ID                      eceae94b-8f6d-42a7-a583-4144808ab1d8
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1252509310.381:348): avc: denied { setattr } for pid=13535 comm="sssd_be" name="krb5cc_3267" dev=tmpfs ino=200995 scontext=unconfined_u:system_r:sssd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1252509310.381:348): arch=c000003e syscall=91 success=yes exit=0 a0=11 a1=180 a2=0 a3=7fffc118e7e0 items=0 ppid=13419 pid=13535 auid=3267 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267 sgid=3267 fsgid=3267 tty=(none) ses=1 comm="sssd_be" exe="/usr/libexec/sssd/sssd_be" subj=unconfined_u:system_r:sssd_t:s0 key=(null)

audit2allow suggests:

#============= sssd_t ==============
allow sssd_t tmp_t:file setattr;

Fixed in selinux-policy-3.6.31-2.fc12.noarch