The following was filed automatically by setroubleshoot: Summary: SELinux is preventing the /bin/cp from using potentially mislabeled files (vboxadd-Module.symvers). Detailed Description: [cp has a permissive type (initrc_t). This access was not denied.] SELinux has denied cp access to potentially mislabeled file(s) (vboxadd-Module.symvers). This means that SELinux will not allow cp to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want cp to access this files, you need to relabel them using restorecon -v 'vboxadd-Module.symvers'. You might want to relabel the entire directory using restorecon -R -v ''. Additional Information: Source Context unconfined_u:system_r:initrc_t:s0 Target Context unconfined_u:object_r:user_tmp_t:s0 Target Objects vboxadd-Module.symvers [ file ] Source cp Source Path /bin/cp Port <Unknown> Host (removed) Source RPM Packages coreutils-7.5-6.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.31-3.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name (removed) Platform Linux (removed) 2.6.31-0.204.rc9.fc12.i686 #1 SMP Sat Sep 5 21:01:10 EDT 2009 i686 i686 Alert Count 1 First Seen Sat 12 Sep 2009 05:00:34 PM CEST Last Seen Sat 12 Sep 2009 05:00:34 PM CEST Local ID 275e8f6a-328b-4ebd-a5c6-fdf9829c1ace Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1252767634.128:108): avc: denied { write } for pid=18449 comm="cp" name="vboxadd-Module.symvers" dev=dm-0 ino=87425 scontext=unconfined_u:system_r:initrc_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1252767634.128:108): arch=40000003 syscall=5 success=yes exit=4 a0=bfe9d913 a1=8201 a2=0 a3=1a4 items=0 ppid=18448 pid=18449 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:initrc_t:s0 key=(null) audit2allow suggests: #============= initrc_t ============== allow initrc_t user_tmp_t:file write;
Fixed in latest policy. Please yum update.