Any idea where the file Packages is located?

What version of selinux-policy do you have installed?

rpm -q selinux-policy

I have the same problem but was not able to file the bug due to problem in name resolution. I am using selinux-policy-3.6.32-116.fc12.noarch. I have a file named Packages in /var/lib/rpm/, is that the one?

No.


 please attach the AVC messages from your audit log compressed.

ausearch -m avc ts today

It seems this problem only occurred with the previous kernel version. SELinux says "This alert has occurred 3 times since Wed Jun 9, 2010", but the fact is that I installed it on the 8th of June.
ausearch command gives me "ts is an unsupported option".

Summary:

SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on /etc/abrt.

Detailed Description:

[abrtd has a permissive type (abrt_t). This access was not denied.]

SELinux denied access requested by abrtd. It is not expected that this access is
required by abrtd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:abrt_t:s0
Target Context                system_u:object_r:abrt_etc_t:s0
Target Objects                /etc/abrt [ dir ]
Source                        abrtd
Source Path                   /usr/sbin/abrtd (deleted)
Port                          <Unknown>
Host                          new-host.home
Source RPM Packages           
Target RPM Packages           abrt-1.0.9-2.fc12
Policy RPM                    selinux-policy-3.6.32-116.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     new-host.home
Platform                      Linux new-host.home 2.6.31.5-127.fc12.i686 #1 SMP
                              Sat Nov 7 21:41:45 EST 2009 i686 athlon
Alert Count                   3
First Seen                    Wed 09 Jun 2010 03:48:09 AM WEST
Last Seen                     Wed 09 Jun 2010 03:48:09 AM WEST
Local ID                      64a71bbd-67f7-4d31-a466-bcc9b1e0de64
Line Numbers                  

Raw Audit Messages            

node=new-host.home type=AVC msg=audit(1276051689.157:35018): avc:  denied  { write } for  pid=1181 comm="abrtd" name="abrt" dev=sda3 ino=23447 scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

node=new-host.home type=AVC msg=audit(1276051689.157:35018): avc:  denied  { add_name } for  pid=1181 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

node=new-host.home type=AVC msg=audit(1276051689.157:35018): avc:  denied  { create } for  pid=1181 comm="abrtd" name="pyhook.conf" scontext=system_u:system_r:abrt_t:s0 tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file

node=new-host.home type=SYSCALL msg=audit(1276051689.157:35018): arch=40000003 syscall=5 success=yes exit=9 a0=82d0b9 a1=8241 a2=1b6 a3=38fec9 items=0 ppid=1 pid=1181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd" exe=2F7573722F7362696E2F6162727464202864656C6574656429 subj=system_u:system_r:abrt_t:s0 key=(null)

It is probable I have chaged the dates during the upgrade proccess because it was wrong. Since this problem did not occur again it was likely a problem in the previous kernel (in Fedora 12 by default). I suggest the bug be closed.

It is probable I have chaged the dates during the upgrade proccess because it was wrong. Since this problem did not occur again it was likely a problem in the previous kernel (in Fedora 12 by default). I suggest the bug be closed.