The following was filed automatically by setroubleshoot: Summary: SELinux is preventing /usr/bin/python "read" access on /boot. Detailed Description: [debuginfo-insta has a permissive type (abrt_t). This access was not denied.] SELinux denied access requested by debuginfo-insta. It is not expected that this access is required by debuginfo-insta and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:abrt_t:s0 Target Context system_u:object_r:boot_t:s0 Target Objects /boot [ dir ] Source debuginfo-insta Source Path /usr/bin/python Port <Unknown> Host (removed) Source RPM Packages python-2.6.2-2.fc12 Target RPM Packages filesystem-2.4.30-2.fc12 Policy RPM selinux-policy-3.6.32-8.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31-2.fc12.x86_64 #1 SMP Thu Sep 10 00:25:40 EDT 2009 x86_64 x86_64 Alert Count 2 First Seen Wed 23 Sep 2009 02:37:54 PM EDT Last Seen Wed 23 Sep 2009 02:37:54 PM EDT Local ID 91350ae4-aeea-4ae0-83ae-8e7d27da3786 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1253731074.206:79): avc: denied { read } for pid=14121 comm="debuginfo-insta" name="/" dev=sda2 ino=2 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1253731074.206:79): avc: denied { open } for pid=14121 comm="debuginfo-insta" name="/" dev=sda2 ino=2 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1253731074.206:79): arch=c000003e syscall=2 success=yes exit=0 a0=1da5390 a1=90800 a2=0 a3=7fff5c06c9f8 items=0 ppid=1508 pid=14121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="debuginfo-insta" exe="/usr/bin/python" subj=system_u:system_r:abrt_t:s0 key=(null) audit2allow suggests: #============= abrt_t ============== allow abrt_t boot_t:dir { read open };
Fixed in selinux-policy-3.6.32-10.fc12.noarch
*** Bug 525269 has been marked as a duplicate of this bug. ***