Summary: SELinux is preventing sh (pptp_t) "dac_override" pptp_t. Detailed Description: SELinux denied access requested by sh. It is not expected that this access is required by sh and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:unconfined_r:pptp_t:SystemLow- SystemHigh Target Context unconfined_u:unconfined_r:pptp_t:SystemLow- SystemHigh Target Objects None [ capability ] Source sh Source Path /bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.0-7.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-78.fc11 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.29.6-217.2.8_1.cubbi_tuxonice.fc11.i586 #1 SMP Thu Aug 20 05:16:49 CEST 2009 i686 i686 Alert Count 448 First Seen Mon 13 Jul 2009 11:39:01 AM EDT Last Seen Fri 28 Aug 2009 05:26:38 AM EDT Local ID 29989332-f234-4b30-a692-a772182e1a22 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1251451598.8:31710): avc: denied { dac_override } for pid=4523 comm="sh" capability=1 scontext=unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023 tclass=capability node=(removed) type=AVC msg=audit(1251451598.8:31710): avc: denied { dac_read_search } for pid=4523 comm="sh" capability=2 scontext=unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023 tclass=capability node=(removed) type=SYSCALL msg=audit(1251451598.8:31710): arch=40000003 syscall=195 success=no exit=-13 a0=80e539b a1=bf8cbcec a2=68eff4 a3=9ada0d0 items=0 ppid=4519 pid=4523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sh" exe="/bin/bash" subj=unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.12-78.fc11,catchall,sh,pptp_t,pptp_t,capability,dac_override audit2allow suggests:libsepol.context_from_record: invalid security context: "unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023" libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023 to sid libsepol.context_from_record: invalid security context: "unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023" libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert unconfined_u:unconfined_r:pptp_t:s0-s0:c0.c1023 to sid
*** This bug has been marked as a duplicate of bug 538428 ***