Summary: SELinux is preventing /usr/bin/pgrep "search" access on 1787. Detailed Description: [pgrep has a permissive type (ksmtuned_t). This access was not denied.] SELinux denied access requested by pgrep. It is not expected that this access is required by pgrep and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:ksmtuned_t:s0 Target Context system_u:object_r:unlabeled_t:s0 Target Objects 1787 [ dir ] Source pgrep Source Path /usr/bin/pgrep Port <Unknown> Host (removed) Source RPM Packages procps-3.2.8-3.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-113.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 Alert Count 27 First Seen Fri 09 Apr 2010 08:13:40 AM EDT Last Seen Fri 07 May 2010 08:34:45 AM EDT Local ID 82cfddc3-7d78-431a-b84f-06ec4b34ef2e Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1273235685.524:168): avc: denied { search } for pid=7312 comm="pgrep" name="1787" dev=proc ino=16302 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1273235685.524:168): avc: denied { read } for pid=7312 comm="pgrep" name="status" dev=proc ino=862623 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file node=(removed) type=AVC msg=audit(1273235685.524:168): avc: denied { open } for pid=7312 comm="pgrep" name="status" dev=proc ino=862623 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1273235685.524:168): arch=c000003e syscall=2 success=yes exit=4 a0=3b5c411840 a1=0 a2=0 a3=fffffffa items=0 ppid=7311 pid=7312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pgrep" exe="/usr/bin/pgrep" subj=system_u:system_r:ksmtuned_t:s0 key=(null) Hash String generated from catchall,pgrep,ksmtuned_t,unlabeled_t,dir,search audit2allow suggests: #============= ksmtuned_t ============== allow ksmtuned_t unlabeled_t:dir search; allow ksmtuned_t unlabeled_t:file { read open };
This looks like you have an unlabeled process running on your machine. The usually means that a process was running with a label that the kernel no longer understands. It should not happen. It could happen because of a package installing an selinux policy and then removing it. If you see unlabeled_t processes running on your system kill them and restart them. ps -eZ | grep unlabeled_t if this happens again reopen the bug.