Summary: SELinux prevented my_print_defaul from reading files stored on a NFS filesytem. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux prevented my_print_defaul from reading files stored on a NFS filesystem. NFS (Network Filesystem) is a network filesystem commonly used on Unix / Linux systems. my_print_defaul attempted to read one or more files or directories from a mounted filesystem of this type. As NFS filesystems do not support fine-grained SELinux labeling, all files and directories in the filesystem will have the same security context. If you have not configured my_print_defaul to read files from a NFS filesystem this access attempt could signal an intrusion attempt. Allowing Access: Changing the "use_nfs_home_dirs" boolean to true will allow this access: "setsebool -P use_nfs_home_dirs=1" Fix Command: setsebool -P use_nfs_home_dirs=1 Additional Information: Source Context unconfined_u:system_r:mysqld_safe_t:s0 Target Context system_u:object_r:nfs_t:s0 Target Objects .my.cnf [ file ] Source my_print_defaul Source Path /usr/bin/my_print_defaults Port <Unknown> Host (removed) Source RPM Packages mysql-5.1.47-1.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-21.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name use_nfs_home_dirs Host Name (removed) Platform Linux (removed) 2.6.33.5-112.fc13.x86_64 #1 SMP Thu May 27 02:28:31 UTC 2010 x86_64 x86_64 Alert Count 4 First Seen Tue 08 Jun 2010 04:53:30 PM EDT Last Seen Tue 08 Jun 2010 04:53:34 PM EDT Local ID 6788838a-e2f0-465e-9393-80f926e27815 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1276030414.465:3159250): avc: denied { read } for pid=32236 comm="my_print_defaul" name=".my.cnf" dev=afs ino=1180030 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file node=(removed) type=AVC msg=audit(1276030414.465:3159250): avc: denied { open } for pid=32236 comm="my_print_defaul" name=".my.cnf" dev=afs ino=1180030 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1276030414.465:3159250): arch=c000003e syscall=2 success=yes exit=3 a0=7fff4c5a4590 a1=0 a2=1b6 a3=0 items=0 ppid=32223 pid=32236 auid=768 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts11 ses=1 comm="my_print_defaul" exe="/usr/bin/my_print_defaults" subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null) Hash String generated from use_nfs_home_dirs,my_print_defaul,mysqld_safe_t,nfs_t,file,read audit2allow suggests: #============= mysqld_safe_t ============== allow mysqld_safe_t nfs_t:file { read open };
*** This bug has been marked as a duplicate of bug 601914 ***