Souhrn: SELinux is preventing tuned "read" access on fifo_file. Podrobný popis: SELinux denied access requested by tuned. It is not expected that this access is required by tuned and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Povolení přístupu: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Další informace: Kontext zdroje system_u:system_r:tuned_t:s0 Kontext cíle system_u:system_r:tuned_t:s0 Objekty cíle fifo_file [ fifo_file ] Zdroj tuned Cesta zdroje tuned Port <Neznámé> Počítač (removed) RPM balíčky zdroje RPM balíčky cíle RPM politiky selinux-policy-3.6.32-56.fc12 Selinux povolen True Typ politiky targeted Vynucovací režim Enforcing Název zásuvného modulu catchall Název počítače (removed) Platforma Linux (removed) 2.6.31.6-145.fc12.x86_64 #1 SMP Sat Nov 21 15:57:45 EST 2009 x86_64 x86_64 Počet upozornění 1 Poprvé viděno Út 15. prosinec 2009, 02:25:33 CET Naposledy viděno Út 15. prosinec 2009, 02:25:33 CET Místní ID ddbf801c-bcc5-4304-8967-9db68959c4c3 Čísla řádků Původní zprávy auditu node=(removed) type=AVC msg=audit(1260840333.894:11): avc: denied { read } for pid=1891 comm="tuned" path="pipe:[12916]" dev=pipefs ino=12916 scontext=system_u:system_r:tuned_t:s0 tcontext=system_u:system_r:tuned_t:s0 tclass=fifo_file Hash String generated from selinux-policy-3.6.32-56.fc12,catchall,tuned,tuned_t,tuned_t,fifo_file,read audit2allow suggests: #============= tuned_t ============== allow tuned_t self:fifo_file read;
You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.32-59.fc12.noarch
selinux-policy-3.6.32-59.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-59.fc12
selinux-policy-3.6.32-59.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13384