Summary:

SELinux is preventing the avahi-dnsconfd (avahi_t) from executing
/etc/avahi/avahi-dnsconfd.action.

Detailed Description:

SELinux has denied the avahi-dnsconfd from executing
/etc/avahi/avahi-dnsconfd.action. If avahi-dnsconfd is supposed to be able to
execute /etc/avahi/avahi-dnsconfd.action, this could be a labeling problem. Most
confined domains are allowed to execute files labeled bin_t. So you could change
the labeling on this file to bin_t and retry the application. If this
avahi-dnsconfd is not supposed to execute /etc/avahi/avahi-dnsconfd.action, this
could signal a intrusion attempt.

Allowing Access:

If you want to allow avahi-dnsconfd to execute /etc/avahi/avahi-dnsconfd.action:
chcon -t bin_t '/etc/avahi/avahi-dnsconfd.action' If this fix works, please
update the file context on disk, with the following command: semanage fcontext
-a -t bin_t '/etc/avahi/avahi-dnsconfd.action' Please specify the full path to
the executable, Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy
to make sure this becomes the default labeling.

Additional Information:

Source Context                unconfined_u:system_r:avahi_t:s0
Target Context                system_u:object_r:etc_t:s0
Target Objects                /etc/avahi/avahi-dnsconfd.action [ file ]
Source                        avahi-dnsconfd
Source Path                   /usr/sbin/avahi-dnsconfd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           avahi-dnsconfd-0.6.25-3.fc11
Target RPM Packages           avahi-dnsconfd-0.6.25-3.fc11
Policy RPM                    selinux-policy-3.6.12-50.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   execute
Host Name                     (removed)
Platform                      Linux (removed) 2.6.29.4-167.fc11.i586 #1
                              SMP Wed May 27 17:14:37 EDT 2009 i686 athlon
Alert Count                   4
First Seen                    Thu 16 Jul 2009 11:39:19 PM EEST
Last Seen                     Thu 16 Jul 2009 11:41:12 PM EEST
Local ID                      920119e5-6435-4795-a00f-008ba8a3c58f
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1247776872.909:748): avc:  denied  { execute } for  pid=18464 comm="avahi-dnsconfd" name="avahi-dnsconfd.action" dev=dm-1 ino=6490046 scontext=unconfined_u:system_r:avahi_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1247776872.909:748): arch=40000003 syscall=11 success=no exit=-13 a0=804a6b0 a1=bfecebc0 a2=981f088 a3=804a4a7 items=0 ppid=18322 pid=18464 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="avahi-dnsconfd" exe="/usr/sbin/avahi-dnsconfd" subj=unconfined_u:system_r:avahi_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.12-50.fc11,execute,avahi-dnsconfd,avahi_t,etc_t,file,execute
audit2allow suggests:

#============= avahi_t ==============
allow avahi_t etc_t:file execute;