Summary: SELinux is preventing certwatch (certwatch_t) "write" to ./cache (var_t). Detailed Description: SELinux denied access requested by certwatch. It is not expected that this access is required by certwatch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./cache, restorecon -v './cache' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:certwatch_t:s0 Target Context system_u:object_r:var_t:s0 Target Objects ./cache [ dir ] Source certwatch Source Path /usr/bin/certwatch Port <Unknown> Host (removed) Source RPM Packages crypto-utils-2.4.1-2 Target RPM Packages Policy RPM selinux-policy-3.5.13-18.fc10 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall_file Host Name (removed) Platform Linux (removed) 2.6.27.5-117.fc10.x86_64 #1 SMP Tue Nov 18 11:58:53 EST 2008 x86_64 x86_64 Alert Count 2 First Seen Thu 26 Feb 2009 02:28:05 SAST Last Seen Thu 26 Feb 2009 04:09:36 SAST Local ID 05e3e62b-dd5e-467d-bc92-506fd5b65228 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1235614176.532:40): avc: denied { write } for pid=21234 comm="certwatch" name="cache" dev=sda6 ino=3178507 scontext=system_u:system_r:certwatch_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1235614176.532:40): arch=c000003e syscall=83 success=no exit=-13 a0=84641f a1=3ff a2=0 a3=7fffabfb6380 items=0 ppid=21228 pid=21234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="certwatch" exe="/usr/bin/certwatch" subj=system_u:system_r:certwatch_t:s0 key=(null) Hash String generated from selinux-policy-3.5.13-18.fc10,catchall_file,certwatch,certwatch_t,var_t,dir,write audit2allow suggests: #============= certwatch_t ============== #!!!! This avc is allowed in the current policy allow certwatch_t var_t:dir write;
I have a USB printer: Samsung CLP-310. I have installed the Samsung "UnifiedLinuxDriver_1.00.tar.gz" driver for the printer. When I submitted the print job, this error appeared.
*** This bug has been marked as a duplicate of bug 538428 ***
You are reporting an F10 problem on an F12 machine.
My apologies. I was running F10 on a machine and ran preupgrade to get it to F11. Then I ran preupgrade to get it to F12. When I installed the printer driver and printed my first job I got the error. So I am puzzled as to why it asked for this, but I am sorry for wasting your time. Regards Louis
No problem. Just go through setroubleshoot and delete the old avc messages. I am working on an udpdate to setroubleshoot to do this automatically.