Summary: SELinux is preventing the hal-acl-tool from using potentially mislabeled files (/). Detailed Description: SELinux has denied hal-acl-tool access to potentially mislabeled file(s) (/). This means that SELinux will not allow hal-acl-tool to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want hal-acl-tool to access this files, you need to relabel them using restorecon -v '/'. You might want to relabel the entire directory using restorecon -R -v '/'. Additional Information: Source Context system_u:system_r:hald_acl_t:s0 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects / [ dir ] Source hal-acl-tool Source Path /usr/libexec/hal-acl-tool Port <Unknown> Host (removed) Source RPM Packages hal-0.5.12-12.20081027git.fc10 Target RPM Packages filesystem-2.4.19-1.fc10 Policy RPM selinux-policy-3.5.13-38.fc10 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name (removed) Platform Linux (removed) 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686 Alert Count 104 First Seen Mon 12 Jan 2009 09:51:02 PM GMT Last Seen Mon 12 Jan 2009 09:51:12 PM GMT Local ID b4b1f416-7d9a-4ec6-af4f-4b6131f24879 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1231797072.356:931): avc: denied { search } for pid=4900 comm="hal-acl-tool" name="/" dev=dm-0 ino=2 scontext=system_u:system_r:hald_acl_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1231797072.356:931): arch=40000003 syscall=195 success=no exit=-13 a0=bff0ed80 a1=bff0edf0 a2=29dfc0 a3=8 items=0 ppid=2047 pid=4900 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool" subj=system_u:system_r:hald_acl_t:s0 key=(null) Hash String generated from selinux-policy-3.5.13-38.fc10,home_tmp_bad_labels,hal-acl-tool,hald_acl_t,user_home_t,dir,search audit2allow suggests: #============= hald_acl_t ============== allow hald_acl_t user_home_t:dir search;
*** This bug has been marked as a duplicate of bug 538428 ***