Summary: SELinux is preventing /usr/sbin/abrtd "remove_name" access on etilqs_BF4xOp3k8g6gqz9. Detailed Description: [abrtd has a permissive type (abrt_t). This access was not denied.] SELinux denied access requested by abrtd. It is not expected that this access is required by abrtd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:mount_tmp_t:s0 Target Objects etilqs_BF4xOp3k8g6gqz9 [ dir ] Source abrtd Source Path /usr/sbin/abrtd Port <Unknown> Host (removed) Source RPM Packages abrt-1.0.9-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-110.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.32.11-99.fc12.i686 #1 SMP Mon Apr 5 16:32:08 EDT 2010 i686 i686 Alert Count 2 First Seen Sun 25 Apr 2010 12:48:00 AM IST Last Seen Sun 25 Apr 2010 12:48:00 AM IST Local ID 81dcf2ff-29fc-4dd9-8685-7361d6070aa4 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1272136680.241:22): avc: denied { remove_name } for pid=6089 comm="abrtd" name="etilqs_BF4xOp3k8g6gqz9" dev=tmpfs ino=72417 scontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mount_tmp_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1272136680.241:22): avc: denied { unlink } for pid=6089 comm="abrtd" name="etilqs_BF4xOp3k8g6gqz9" dev=tmpfs ino=72417 scontext=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mount_tmp_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1272136680.241:22): arch=40000003 syscall=10 success=yes exit=0 a0=bfe61b9b a1=280c2 a2=23edd44 a3=c items=0 ppid=1 pid=6089 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="abrtd" exe="/usr/sbin/abrtd" subj=unconfined_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,abrtd,abrt_t,mount_tmp_t,dir,remove_name audit2allow suggests: #============= abrt_t ============== allow abrt_t mount_tmp_t:dir remove_name; allow abrt_t mount_tmp_t:file unlink;
*** This bug has been marked as a duplicate of bug 585565 ***