Summary: SELinux is preventing the gconf-defaults- from using potentially mislabeled files (.testing.writeability). Detailed Description: [gconf-defaults- has a permissive type (gconfdefaultsm_t). This access was not denied.] SELinux has denied gconf-defaults- access to potentially mislabeled file(s) (.testing.writeability). This means that SELinux will not allow gconf-defaults- to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want gconf-defaults- to access this files, you need to relabel them using restorecon -v '.testing.writeability'. You might want to relabel the entire directory using restorecon -R -v '.testing.writeability'. Additional Information: Source Context system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects .testing.writeability [ dir ] Source gconf-defaults- Source Path /usr/libexec/gconf-defaults-mechanism Port <Unknown> Host (removed) Source RPM Packages GConf2-2.26.2-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-39.fc11 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name (removed) Platform Linux (removed) 2.6.29.5-191.fc11.i686.PAE #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686 i686 Alert Count 2 First Seen Sat 25 Jul 2009 08:13:12 PM IST Last Seen Sat 25 Jul 2009 08:13:12 PM IST Local ID eb675c76-06f0-4651-88e0-b8ed71b7426e Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1248532992.220:26086): avc: denied { remove_name } for pid=29219 comm="gconf-defaults-" name=".testing.writeability" dev=sda2 ino=112 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1248532992.220:26086): avc: denied { unlink } for pid=29219 comm="gconf-defaults-" name=".testing.writeability" dev=sda2 ino=112 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1248532992.220:26086): arch=40000003 syscall=10 success=yes exit=0 a0=84e8f90 a1=41 a2=5fee1a4 a3=84e8f90 items=0 ppid=1 pid=29219 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gconf-defaults-" exe="/usr/libexec/gconf-defaults-mechanism" subj=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.12-39.fc11,home_tmp_bad_labels,gconf-defaults-,gconfdefaultsm_t,user_home_t,dir,remove_name audit2allow suggests: #============= gconfdefaultsm_t ============== allow gconfdefaultsm_t user_home_t:dir remove_name; allow gconfdefaultsm_t user_home_t:file unlink;
*** This bug has been marked as a duplicate of bug 538428 ***