Summary: SELinux is preventing /bin/bash "open" access on console. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by sh. It is not expected that this access is required by sh and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:cobblerd_t:SystemLow Target Context system_u:object_r:console_device_t:SystemLow Target Objects console [ chr_file ] Source sh Source Path /bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.1.2-4.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-15.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.4-95.fc13.x86_64 #1 SMP Thu May 13 05:16:23 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Sun 30 May 2010 11:01:50 BST Last Seen Sun 30 May 2010 11:01:50 BST Local ID 0d137ddb-46d3-42b6-8fe5-d387dda3b9ec Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1275213710.788:11): avc: denied { open } for pid=2649 comm="sh" name="console" dev=devtmpfs ino=5457 scontext=system_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file node=(removed) type=SYSCALL msg=audit(1275213710.788:11): arch=c000003e syscall=2 success=yes exit=7 a0=21ff010 a1=802 a2=c a3=1000 items=0 ppid=2646 pid=2649 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:cobblerd_t:s0 key=(null) Hash String generated from catchall,sh,cobblerd_t,console_device_t,chr_file,open audit2allow suggests: #============= cobblerd_t ============== allow cobblerd_t console_device_t:chr_file open;
Lost this bug in the flood. Are you still seeing this avc? Does cobbler work ok?