The following was filed automatically by setroubleshoot:

Summary:

SELinux is preventing /usr/libexec/polkit-1/polkitd "read" access on meminfo.

Detailed Description:

SELinux denied access requested by polkitd. It is not expected that this access is required by polkitd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context       system_u:system_r:policykit_t:s0-s0:c0.c1023
Target Context       system_u:object_r:proc_t:s0
Target Objects       meminfo [ file ]
Source               polkitd
Source Path          /usr/libexec/polkit-1/polkitd
Port                 <Unknown>
Host                 (removed)
Source RPM Packages  polkit-0.95-0.git20090913.2.fc12
Target RPM Packages
Policy RPM           selinux-policy-3.6.32-12.fc12
Selinux Enabled      True
Policy Type          targeted
MLS Enabled          True
Enforcing Mode       Enforcing
Plugin Name          catchall
Host Name            (removed)
Platform             Linux (removed) 2.6.31.1-56.fc12.i686 #1 SMP Tue Sep 29 16:32:02 EDT 2009 i686 i686
Alert Count          1
First Seen           Wed 07 Oct 2009 10:48:40 AM EDT
Last Seen            Wed 07 Oct 2009 10:48:40 AM EDT
Local ID             3e571314-a318-48e2-9a76-54d130143231
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1254926920.456:256): avc: denied { read } for pid=1542 comm="polkitd" name="meminfo" dev=proc ino=4026531992 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1254926920.456:256): arch=40000003 syscall=5 success=no exit=-13 a0=271b66 a1=0 a2=1b6 a3=26f4ae items=0 ppid=1 pid=1542 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="polkitd" exe="/usr/libexec/polkit-1/polkitd" subj=system_u:system_r:policykit_t:s0-s0:c0.c1023 key=(null)

Hash String generated from selinux-policy-3.6.32-12.fc12,catchall,polkitd,policykit_t,proc_t,file,read

audit2allow suggests:

#============= policykit_t ==============
allow policykit_t proc_t:file read;
Fixed in selinux-policy-3.6.32-22.fc12.noarch
(In reply to comment #1)
> Fixed in selinux-policy-3.6.32-22.fc12.noarch

I've got that rpm installed, and I still get this error, or at least the bug report calls it a duplicate of this when logging in.
Well -23 and 24 are in koji right now and should be released before beta, probably tomorrow. Or you can grab them

http://koji.fedoraproject.org/koji/buildinfo?buildID=135962

I am running 24 and the tools tell me this is fixed there.
I have selinux-policy-3.6.32-24.fc12.noarch installed and got this bug today.

Summary:

SELinux is preventing /usr/libexec/polkit-1/polkitd "read" access on meminfo.

Detailed Description:

SELinux denied access requested by polkitd. It is not expected that this access is required by polkitd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context       system_u:system_r:policykit_t:s0-s0:c0.c1023
Target Context       system_u:object_r:proc_t:s0
Target Objects       meminfo [ file ]
Source               polkitd
Source Path          /usr/libexec/polkit-1/polkitd
Port                 <Unknown>
Host                 (removed)
Source RPM Packages  polkit-0.95-0.git20090913.2.fc12
Target RPM Packages
Policy RPM           selinux-policy-3.6.32-12.fc12
Selinux Enabled      True
Policy Type          targeted
MLS Enabled          True
Enforcing Mode       Enforcing
Plugin Name          catchall
Host Name            (removed)
Platform             Linux localhost.localdomain 2.6.31.1-56.fc12.i686.PAE #1 SMP Tue Sep 29 16:16:16 EDT 2009 i686 i686
Alert Count          3
First Seen           Thu 08 Oct 2009 02:20:29 PM CDT
Last Seen            Mon 12 Oct 2009 08:50:17 AM CDT
Local ID             33ab92b3-a1a0-4ef3-a5f8-d919e8997ce7
Line Numbers

Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1255355417.694:7): avc: denied { read } for pid=1592 comm="polkitd" name="meminfo" dev=proc ino=4026531992 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1255355417.694:7): arch=40000003 syscall=5 success=no exit=-13 a0=708b66 a1=0 a2=1b6 a3=7064ae items=0 ppid=1591 pid=1592 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="polkitd" exe="/usr/libexec/polkit-1/polkitd" subj=system_u:system_r:policykit_t:s0-s0:c0.c1023 key=(null)
Well, either you are mistaken or the tool is broken, since the tool is reporting the policy as selinux-policy-3.6.32-12.fc12.

Could you execute

yum reinstall selinux-policy-targeted

And make sure it works successfully?
Here's one from this morning:

Summary:

SELinux is preventing /usr/lib/thunderbird-3.0b4/thunderbird-bin "execmem" access on <Unknown>.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by thunderbird-bin. The current boolean settings do not allow this access. If you have not setup thunderbird-bin to require this access this may signal an intrusion attempt. If you do intend this access you need to change the booleans on this system to allow the access.

Allowing Access:

One of the following booleans is set incorrectly: allow_execstack, allow_execmem

Fix Command:

Choose one of the following to allow access:

Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
# setsebool -P allow_execstack 1

Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
# setsebool -P allow_execmem 1

Additional Information:

Source Context       unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context       unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects       None [ process ]
Source               thunderbird-bin
Source Path          /usr/lib/thunderbird-3.0b4/thunderbird-bin
Port                 <Unknown>
Host                 localhost.localdomain
Source RPM Packages  thunderbird-3.0-3.9.b4.fc12
Target RPM Packages
Policy RPM           selinux-policy-3.6.32-24.fc12
Selinux Enabled      True
Policy Type          targeted
MLS Enabled          True
Enforcing Mode       Permissive
Plugin Name          catchall_boolean
Host Name            localhost.localdomain
Platform             Linux localhost.localdomain 2.6.31.1-56.fc12.i686.PAE #1 SMP Tue Sep 29 16:16:16 EDT 2009 i686 i686
Alert Count          36
First Seen           Mon 12 Oct 2009 01:51:43 PM CDT
Last Seen            Tue 13 Oct 2009 08:50:38 AM CDT
Local ID             c86a8bf0-9814-4d16-83a1-6ede7d6d4a00
Line Numbers

Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1255441838.276:25317): avc: denied { execmem } for pid=2233 comm="thunderbird-bin" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process

node=localhost.localdomain type=SYSCALL msg=audit(1255441838.276:25317): arch=40000003 syscall=192 success=yes exit=4689920 a0=0 a1=1000 a2=7 a3=22 items=0 ppid=2229 pid=2233 auid=5160 uid=5160 gid=5161 euid=5160 suid=5160 fsuid=5160 egid=5161 sgid=5161 fsgid=5161 tty=(none) ses=1 comm="thunderbird-bin" exe="/usr/lib/thunderbird-3.0b4/thunderbird-bin" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
I didn't notice that the other reports referred to polkitd. This alert always comes up when I start thunderbird.
dwalsh hasn't chimed in yet, so I will make a try.

Guy Streeter:
Your latest alert seems to be unrelated to what this issue is tracking, so try to let setroubleshoot handle it - it will probably file another bug. It seems like it could be related to bug 512845.