The following was filed automatically by setroubleshoot: Summary: SELinux is preventing /usr/bin/python "write" access on /var/cache/yum/timedhosts.txt. Detailed Description: [debuginfo-insta has a permissive type (abrt_t). This access was not denied.] SELinux denied access requested by debuginfo-insta. It is not expected that this access is required by debuginfo-insta and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:abrt_t:s0 Target Context unconfined_u:object_r:var_t:s0 Target Objects /var/cache/yum/timedhosts.txt [ file ] Source debuginfo-insta Source Path /usr/bin/python Port <Unknown> Host (removed) Source RPM Packages python-2.6.2-2.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-8.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31-2.fc12.x86_64 #1 SMP Thu Sep 10 00:25:40 EDT 2009 x86_64 x86_64 Alert Count 1 First Seen Wed 23 Sep 2009 02:37:47 PM EDT Last Seen Wed 23 Sep 2009 02:37:47 PM EDT Local ID 3fa6c051-e221-4622-971e-7921028929c0 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1253731067.370:71): avc: denied { write } for pid=14121 comm="debuginfo-insta" name="timedhosts.txt" dev=dm-0 ino=3738 scontext=system_u:system_r:abrt_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1253731067.370:71): arch=c000003e syscall=21 success=yes exit=0 a0=1a9e720 a1=2 a2=33559b0e40 a3=7fff5c06bf68 items=0 ppid=1508 pid=14121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="debuginfo-insta" exe="/usr/bin/python" subj=system_u:system_r:abrt_t:s0 key=(null) audit2allow suggests: #============= abrt_t ============== allow abrt_t var_t:file write;
Fixed in selinux-policy-3.6.32-10.fc12.noarch