Summary:

SELinux prevented polkitd from reading files stored on a NFS filesystem.

Detailed Description:

SELinux prevented polkitd from reading files stored on a NFS filesystem. NFS (Network Filesystem) is a network filesystem commonly used on Unix / Linux systems. polkitd attempted to read one or more files or directories from a mounted filesystem of this type. As NFS filesystems do not support fine-grained SELinux labeling, all files and directories in the filesystem will have the same security context. If you have not configured polkitd to read files from a NFS filesystem this access attempt could signal an intrusion attempt.

Allowing Access:

Changing the "use_nfs_home_dirs" boolean to true will allow this access: "setsebool -P use_nfs_home_dirs=1"

Fix Command:

setsebool -P use_nfs_home_dirs=1

Additional Information:

Source Context                system_u:system_r:policykit_t:s0-s0:c0.c1023
Target Context                system_u:object_r:nfs_t:s0
Target Objects                [ dir ]
Source                        polkitd
Source Path                   /usr/libexec/polkit-1/polkitd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           polkit-0.95-0.git20090913.3.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-41.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   use_nfs_home_dirs
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686 i686
Alert Count                   834
First Seen                    Sat 31 Oct 2009 12:32:32 PM PDT
Last Seen                     Sat 14 Nov 2009 01:23:20 PM PST
Local ID                      2b426b93-bb8c-4a37-9e4c-d4f49bc4df8d
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1258233800.223:21533): avc: denied { search } for pid=1645 comm="polkitd" name="" dev=0:15 ino=2 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1258233800.223:21533): arch=40000003 syscall=195 success=no exit=-13 a0=94008f0 a1=bfc4d1d0 a2=cfbff4 a3=94008f0 items=0 ppid=1 pid=1645 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="polkitd" exe="/usr/libexec/polkit-1/polkitd" subj=system_u:system_r:policykit_t:s0-s0:c0.c1023 key=(null)

Hash String generated from selinux-policy-3.6.32-41.fc12,use_nfs_home_dirs,polkitd,policykit_t,nfs_t,dir,search

audit2allow suggests:

#============= policykit_t ==============
allow policykit_t nfs_t:dir search;

Are you using nfs home directories? Did you restart the polkitd daemon while sitting in an NFS directory?