Summary:

SELinux is preventing /var/lib/boinc/projects/wuprop.boinc-af.org/data_collect_1.33_x86_64-pc-linux-gnu__nci "name_connect" access to <Unknown>.

Detailed Description:

[data_collect_1. has a permissive type (boinc_t). This access was not denied.]

SELinux denied access requested by /var/lib/boinc/projects/wuprop.boinc-af.org/data_collect_1.33_x86_64-pc-linux-gnu__nci. /var/lib/boinc/projects/wuprop.boinc-af.org/data_collect_1.33_x86_64-pc-linux-gnu__nci is mislabeled. /var/lib/boinc/projects/wuprop.boinc-af.org/data_collect_1.33_x86_64-pc-linux-gnu__nci default SELinux type is boinc_var_lib_t, but its current type is boinc_var_lib_t. Changing this file back to the default type, may fix your problem.

If you believe this is a bug, please file a bug report against this package.

Allowing Access:

You can restore the default system context to this file by executing the restorecon command. restorecon '/var/lib/boinc/projects/wuprop.boinc-af.org/data_collect_1.33_x86_64-pc-linux-gnu__nci'.

Fix Command:

/sbin/restorecon '/var/lib/boinc/projects/wuprop.boinc-af.org/data_collect_1.33_x86_64-pc-linux-gnu__nci'

Additional Information:

Source Context                unconfined_u:system_r:boinc_t:s0
Target Context                system_u:object_r:boinc_port_t:s0
Target Objects                None [ tcp_socket ]
Source                        data_collect_1.
Source Path                   /var/lib/boinc/projects/wuprop.boinc-af.org/data_collect_1.33_x86_64-pc-linux-gnu__nci
Port                          31416
Host                          rigel.milky.way
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-28.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   restore_source_context
Host Name                     rigel.milky.way
Platform                      Linux rigel.milky.way 2.6.33.5-124.fc13.x86_64 #1 SMP Fri Jun 11 09:38:12 UTC 2010 x86_64 x86_64
Alert Count                   43
First Seen                    Fri 25 Jun 2010 08:23:32 AM EDT
Last Seen                     Sun 27 Jun 2010 05:06:36 PM EDT
Local ID                      6cad3dd9-7420-463e-af22-b60358b8a01a
Line Numbers

Raw Audit Messages

node=rigel.milky.way type=AVC msg=audit(1277672796.90:56025): avc: denied { name_connect } for pid=3439 comm="data_collect_1." dest=31416 scontext=unconfined_u:system_r:boinc_t:s0 tcontext=system_u:object_r:boinc_port_t:s0 tclass=tcp_socket

node=rigel.milky.way type=SYSCALL msg=audit(1277672796.90:56025): arch=c000003e syscall=42 success=yes exit=0 a0=e a1=7fff1c321600 a2=10 a3=1999999999999999 items=0 ppid=3427 pid=3439 auid=500 uid=491 gid=472 euid=491 suid=491 fsuid=491 egid=472 sgid=472 fsgid=472 tty=(none) ses=1 comm="data_collect_1." exe="/var/lib/boinc/projects/wuprop.boinc-af.org/data_collect_1.33_x86_64-pc-linux-gnu__nci" subj=unconfined_u:system_r:boinc_t:s0 key=(null)

--

How reproducible:
As long as a WUProp@Home project task is running in BOINC, this alert continues to recur every few moments.

Steps to Reproduce:
1. Start boinc-client working on a WUProp@Home project task.

Actual results:
SELinux Security Alert.

Expected results:
No SELinux Security Alert.

Additional info:
The statement "... default SELinux type is boinc_var_lib_t, but its current type is boinc_var_lib_t. Changing this file back to the default type, may fix your problem." obfuscates the issue for me. I have tried restoring the context to no avail: the denial occurs again, both before and after a reboot.
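An added example, not part of the bug report or of setroubleshoot: it reads the AVC record quoted above together with its SYSCALL record (abbreviated here to the fields used), derives the raw allow rule the denial corresponds to, and shows that the target is a port on a tcp_socket rather than a file and that the connect call still succeeded. The names `triage`, `setype` and `FILE_CLASSES` are assumptions of this example.

```python
import re

# The AVC record quoted in the report, plus its SYSCALL record abbreviated
# to the fields used here (same audit event ID).
AUDIT = (
    'node=rigel.milky.way type=AVC msg=audit(1277672796.90:56025): avc: denied '
    '{ name_connect } for pid=3439 comm="data_collect_1." dest=31416 '
    'scontext=unconfined_u:system_r:boinc_t:s0 '
    'tcontext=system_u:object_r:boinc_port_t:s0 tclass=tcp_socket\n'
    'node=rigel.milky.way type=SYSCALL msg=audit(1277672796.90:56025): '
    'arch=c000003e syscall=42 success=yes exit=0 pid=3439 '
    'subj=unconfined_u:system_r:boinc_t:s0\n'
)

AVC_RE = re.compile(r'type=AVC msg=audit\(([^)]+)\): avc:\s+denied\s+\{([^}]+)\}\s+for\s+(.*)')
SYS_RE = re.compile(r'type=SYSCALL msg=audit\(([^)]+)\): (.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption of this example: object classes whose label lives on a file.
FILE_CLASSES = {"file", "dir", "lnk_file", "chr_file", "blk_file", "sock_file", "fifo_file"}

def setype(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def triage(log):
    """Pair each AVC denial with its SYSCALL record and summarise it."""
    syscalls, denials = {}, []
    for line in log.splitlines():
        if (m := SYS_RE.search(line)):
            syscalls[m.group(1)] = dict(KV_RE.findall(m.group(2)))
        elif (m := AVC_RE.search(line)):
            denials.append((m.group(1), m.group(2).split(), dict(KV_RE.findall(m.group(3)))))
    results = []
    for event_id, perms, kv in denials:
        perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        success = syscalls.get(event_id, {}).get("success")  # None if no SYSCALL record
        results.append({
            "rule": f"allow {setype(kv['scontext'])} {setype(kv['tcontext'])}:{kv['tclass']} {perm_text};",
            "dest": kv.get("dest"),
            "target_is_file": kv["tclass"] in FILE_CLASSES,
            "syscall_succeeded": None if success is None else success == "yes",
        })
    return results

if __name__ == "__main__":
    for r in triage(AUDIT):
        print(r)
```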
Dan, I will add corenet_tcp_connect_boinc_port(boinc_t)
Fixed in selinux-policy-3.7.19-32.fc13
selinux-policy-3.7.19-33.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-33.fc13
selinux-policy-3.7.19-33.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-33.fc13
selinux-policy-3.7.19-33.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.