Summary:

SELinux is preventing /usr/bin/system-setup-keyboard "write" access on xorg.conf.d.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by system-setup-ke. It is not expected that this access is required by system-setup-ke and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:hald_t:s0
Target Context                system_u:object_r:etc_t:s0
Target Objects                xorg.conf.d [ dir ]
Source                        system-setup-ke
Source Path                   /usr/bin/system-setup-keyboard
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           system-setup-keyboard-0.7-1.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-84.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.3-73.fc13.x86_64 #1 SMP Thu Apr 29 09:46:07 UTC 2010 x86_64 x86_64
Alert Count                   2
First Seen                    Sat 08 May 2010 15:04:59 BST
Last Seen                     Sat 08 May 2010 16:26:14 BST
Local ID                      cc5f09bb-e86f-4483-a3dd-2da329b7189f
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1273332374.978:6): avc: denied { write } for pid=1155 comm="system-setup-ke" name="xorg.conf.d" dev=sda4 ino=125593 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1273332374.978:6): arch=c000003e syscall=21 success=yes exit=128 a0=401838 a1=3 a2=7fff40c6ec48 a3=7fff40c6e650 items=0 ppid=1122 pid=1155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-setup-ke" exe="/usr/bin/system-setup-keyboard" subj=system_u:system_r:hald_t:s0 key=(null)

Hash String generated from catchall,system-setup-ke,hald_t,etc_t,dir,write

audit2allow suggests:

#============= hald_t ==============
#!!!! The source type 'hald_t' can write to a 'dir' of the following types:
# hald_cache_t, hald_var_lib_t, hald_var_run_t, hald_tmp_t, var_lock_t, mnt_t, root_t, tmp_t, virt_image_type, cardmgr_var_run_t, sysctl_vm_t, hald_log_t, device_t, fusefs_t, dosfs_t, var_run_t, var_log_t, root_t

allow hald_t etc_t:dir write;
Are you sure? This seems to be a partially updated system. F12 policy and F13 kernel?
Got the same thing following an F12->F13 upgrade.
Right, but does it still happen with the F13 SELinux policy?
I assume that the F13 policy replaced the F12 policy. I did the upgrade from the DVD.
It did, but this AVC might have happened during the process.

rpm -q selinux-policy
$ rpm -q selinux-policy
selinux-policy-3.7.19-15.fc13.noarch
OK, you look fine. If this AVC happens again, reopen the bug.