Summary: SELinux is preventing the gconf-defaults- from using potentially mislabeled files (%gconf.xml). Detailed Description: [gconf-defaults- has a permissive type (gconfdefaultsm_t). This access was not denied.] SELinux has denied gconf-defaults- access to potentially mislabeled file(s) (%gconf.xml). This means that SELinux will not allow gconf-defaults- to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want gconf-defaults- to access this files, you need to relabel them using restorecon -v '%gconf.xml'. You might want to relabel the entire directory using restorecon -R -v ''. Additional Information: Source Context system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects %gconf.xml [ file ] Source gconf-defaults- Source Path /usr/libexec/gconf-defaults-mechanism Port <Unknown> Host (removed) Source RPM Packages GConf2-2.26.0-2.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-39.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name (removed) Platform Linux (removed) 2.6.29.4-167.fc11.x86_64 #1 SMP Wed May 27 17:27:08 EDT 2009 x86_64 x86_64 Alert Count 2 First Seen Wed 10 Jun 2009 07:31:14 PM CEST Last Seen Wed 10 Jun 2009 07:31:14 PM CEST Local ID 24d2b933-ec44-42c6-ab71-1e750f392d03 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1244655074.235:77): avc: denied { read } for pid=32740 comm="gconf-defaults-" name="%gconf.xml" dev=dm-1 ino=37959 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file node=(removed) type=AVC msg=audit(1244655074.235:77): avc: denied { open } for pid=32740 comm="gconf-defaults-" name="%gconf.xml" dev=dm-1 ino=37959 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1244655074.235:77): arch=c000003e syscall=2 success=yes exit=9 a0=141c2c0 a1=0 a2=1b6 a3=238 items=0 ppid=1 pid=32740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gconf-defaults-" exe="/usr/libexec/gconf-defaults-mechanism" subj=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.12-39.fc11,home_tmp_bad_labels,gconf-defaults-,gconfdefaultsm_t,user_home_t,file,read audit2allow suggests: #============= gconfdefaultsm_t ============== allow gconfdefaultsm_t user_home_t:file { read open };
*** This bug has been marked as a duplicate of bug 538428 ***