Summary:

SELinux is preventing the getSystemId from using potentially mislabeled files (/tmp).

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux has denied getSystemId access to potentially mislabeled file(s) (/tmp). This means that SELinux will not allow getSystemId to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access.

Allowing Access:

If you want getSystemId to access this files, you need to relabel them using restorecon -v '/tmp'. You might want to relabel the entire directory using restorecon -R -v '/tmp'.

Additional Information:

Source Context                unconfined_u:system_r:snmpd_t:s0
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /tmp [ dir ]
Source                        getSystemId
Source Path                   /usr/bin/python
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           python-2.6-9.fc11
Target RPM Packages           filesystem-2.4.21-1.fc11
Policy RPM                    selinux-policy-3.6.12-69.fc11
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   home_tmp_bad_labels
Host Name                     (removed)
Platform                      Linux (removed) 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16 23:11:39 EDT 2009 i686 i686
Alert Count                   4
First Seen                    Tue 04 Aug 2009 04:50:39 PM JST
Last Seen                     Tue 04 Aug 2009 04:50:39 PM JST
Local ID                      083927da-1aa7-47fe-8f5e-c747611f4cfb
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1249372239.183:19128): avc: denied { write } for pid=16148 comm="getSystemId" name="tmp" dev=dm-0 ino=21594113 scontext=unconfined_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1249372239.183:19128): avc: denied { add_name } for pid=16148 comm="getSystemId" name="ffihON8a6" scontext=unconfined_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1249372239.183:19128): avc: denied { create } for pid=16148 comm="getSystemId" name="ffihON8a6" scontext=unconfined_u:system_r:snmpd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1249372239.183:19128): avc: denied { read write open } for pid=16148 comm="getSystemId" name="ffihON8a6" dev=dm-0 ino=21594211 scontext=unconfined_u:system_r:snmpd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1249372239.183:19128): arch=40000003 syscall=5 success=yes exit=7 a0=bf873be0 a1=c2 a2=180 a3=11c75074 items=0 ppid=16147 pid=16148 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="getSystemId" exe="/usr/bin/python" subj=unconfined_u:system_r:snmpd_t:s0 key=(null)

Hash String generated from home_tmp_bad_labels,getSystemId,snmpd_t,tmp_t,dir,write

audit2allow suggests:

#============= snmpd_t ==============
#!!!! The source type 'snmpd_t' can write to a 'dir' of the following types:
# usr_t, var_t, var_lib_t, var_run_t, var_log_t, snmpd_var_lib_t, snmpd_var_run_t, root_t

allow snmpd_t tmp_t:dir { write add_name };
#!!!! The source type 'snmpd_t' can write to a 'file' of the following types:
# snmpd_log_t, snmpd_var_lib_t, snmpd_var_run_t, root_t

allow snmpd_t tmp_t:file { read write create open };

*** This bug has been marked as a duplicate of bug 589402 ***