\u0421\u0432\u043e\u0434\u043a\u0430: SELinux is preventing /sbin/consoletype access to a leaked packet_socket file descriptor. \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435: [consoletype \u0437\u0430\u043f\u0443\u0449\u0435\u043d \u0432 \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435 (consoletype_t). \u042d\u0442\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0435\u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e.] SELinux denied access requested by the consoletype command. It looks like this is either a leaked descriptor or consoletype output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the packet_socket. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. \u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) \u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f: \u0418\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0435\u043a unconfined_u:system_r:consoletype_t:s0 \u0426\u0435\u043b\u0435\u0432\u043e\u0439 \u041a\u043e\u043d\u0442\u0435\u043a\u0441 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 \u0426\u0435\u043b\u0435\u0432\u044b\u0435 \u041e\u0431\u044a\u0435\u043a\u0442\u044b packet_socket [ packet_socket ] \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a consoletype \u041f\u0443\u0442\u044c \u043a \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\Uffffffff/sbin/consoletype \u041f\u043e\u0440\u0442 <\u041d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e> \u0423\u0437\u0435\u043b underdark.thor.od.ua \u0418\u0441\u0445\u043e\u0434\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b initscripts-9.02-1 \u0426\u0435\u043b\u0435\u0432\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b R RPM \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 selinux-policy-3.6.32-46.fc12 Selinux \u0430\u043a\u0442\u0438\u0432\u043d\u0430 True \u0422\u0438\u043f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 targeted \u041f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 Enforcing \u0418\u043c\u044f \u0434\u043e\u043f.\u043c\u043e\u0434\u0443\u043b\u044f leaks \u0418\u043c\u044f \u0445\u043e\u0441\u0442\u0430 underdark.thor.od.ua \u041f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 Linux underdark.thor.od.ua 2.6.31.5-127.fc12.x86_64 #1 SMP Sat Nov 7 21:11:14 EST 2009 x86_64 x86_64 \u0421\u0447\u0435\u0442\u0447\u0438\u043a \u0443\u0432\u0435\u0434\u043e\u043c\u043b 37 \u041f\u0435\u0440\u0432\u044b\u0439 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d \u0421\u0431\u0442 28 \u041d\u043e\u044f 2009 18:03:40 \u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0437\u0430\u043c\u0435\u0447 \u041f\u043d\u0434 30 \u041d\u043e\u044f 2009 11:15:46 \u041b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 ID 83fd6466-d188-4e27-be84-cb6d329f8755 \u041d\u043e\u043c\u0435\u0440\u0430 \u0441\u0442\u0440\u043e\u043a \u0421\u044b\u0440\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f node=underdark.thor.od.ua type=AVC msg=audit(1259572546.129:27996): avc: denied { read write } for pid=27703 comm="consoletype" path="socket:[320436909]" dev=sockfs ino=320436909 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=packet_socket node=underdark.thor.od.ua type=SYSCALL msg=audit(1259572546.129:27996): arch=c000003e syscall=59 success=yes exit=0 a0=1a25410 a1=1a25470 a2=1a25200 a3=7fffce7cdb90 items=0 ppid=27702 pid=27703 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=93 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-46.fc12,leaks,consoletype,consoletype_t,unconfined_t,packet_socket,read,write audit2allow suggests: #============= consoletype_t ============== allow consoletype_t unconfined_t:packet_socket { read write };
*** This bug has been marked as a duplicate of bug 541107 ***