Summary: SELinux is preventing /var/lib/boinc/projects/climateprediction.net/famous_6.11_i686-pc-linux-gnu "execmod" access to /var/lib/boinc/projects/climateprediction.net/famous_se_6.11_i686-pc-linux-gnu.so. Detailed Description: [famous_6.11_i68 has a permissive type (boinc_t). This access was not denied.] SELinux denied access requested by /var/lib/boinc/projects/climateprediction.net/famous_6.11_i686-pc-linux-gnu. /var/lib/boinc/projects/climateprediction.net/famous_6.11_i686-pc-linux-gnu is mislabeled. /var/lib/boinc/projects/climateprediction.net/famous_6.11_i686-pc-linux-gnu default SELinux type is boinc_var_lib_t, but its current type is boinc_var_lib_t. Changing this file back to the default type, may fix your problem. If you believe this is a bug, please file a bug report against this package. Allowing Access: You can restore the default system context to this file by executing the restorecon command. restorecon '/var/lib/boinc/projects/climateprediction.net/famous_6.11_i686-pc-linux-gnu'. Fix Command: /sbin/restorecon '/var/lib/boinc/projects/climateprediction.net/famous_6.11_i686-pc-linux-gnu' Additional Information: Source Context system_u:system_r:boinc_t:s0 Target Context system_u:object_r:boinc_var_lib_t:s0 Target Objects /var/lib/boinc/projects/climateprediction.net/famo us_se_6.11_i686-pc-linux-gnu.so [ file ] Source famous_6.11_i68 Source Path /var/lib/boinc/projects/climateprediction.net/famo us_6.11_i686-pc-linux-gnu Port <Unknown> Host Rob.PC Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.7.19-33.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name restore_source_context Host Name Rob.PC Platform Linux Rob.PC 2.6.33.5-124.fc13.x86_64 #1 SMP Fri Jun 11 09:38:12 UTC 2010 x86_64 x86_64 Alert Count 12 First Seen Sun 04 Jul 2010 21:57:47 BST Last Seen Mon 12 Jul 2010 15:16:08 BST Local ID a332184b-0161-4cff-9151-e2d5827d7645 Line Numbers Raw Audit Messages node=Rob.PC type=AVC msg=audit(1278944168.243:69): avc: denied { execmod } for pid=26171 comm="famous_6.11_i68" path="/var/lib/boinc/projects/climateprediction.net/famous_se_6.11_i686-pc-linux-gnu.so" dev=dm-3 ino=531244 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:boinc_var_lib_t:s0 tclass=file node=Rob.PC type=SYSCALL msg=audit(1278944168.243:69): arch=40000003 syscall=125 success=yes exit=0 a0=25d000 a1=76000 a2=5 a3=ffc40420 items=0 ppid=1743 pid=26171 auid=4294967295 uid=489 gid=476 euid=489 suid=489 fsuid=489 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="famous_6.11_i68" exe="/var/lib/boinc/projects/climateprediction.net/famous_6.11_i686-pc-linux-gnu" subj=system_u:system_r:boinc_t:s0 key=(null)
Miroslav these look like random packages downloaded for boinc, So either we allow execmod on these libraries or force the users to set the label to textrel_shlib_t.
Fixed in selinux-policy-3.7.19-42.fc13.
selinux-policy-3.7.19-44.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-44.fc13
selinux-policy-3.7.19-44.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-44.fc13
selinux-policy-3.7.19-44.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
After updating system with: Updated selinux-policy-3.7.19-41.fc13.noarch Update 3.7.19-44.fc13.noarch Updated selinux-policy-targeted-3.7.19-41.fc13.noarch Update 3.7.19-44.fc13.noarch I am now being spammed with, where minirosetta is another boinc project: SELinux is preventing minirosetta_2.1 "associate" access . [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] SELinux is preventing minirosetta_2.1 "associate" access . [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] (This was flagged as two separate problems, not one problem repeated twice) SELinux is preventing minirosetta_2.1 "create" access [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] SELinux is preventing minirosetta_2.1 "destroy" access . [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] SELinux is preventing minirosetta_2.1 "destroy" access . [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] SELinux is preventing minirosetta_2.1 "read" access . [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] SELinux is preventing minirosetta_2.1 "read" access on fifo_file. [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] SELinux is preventing minirosetta_2.1 "unix_write" access . [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] SELinux is preventing minirosetta_2.1 "write" access on fifo_file. [minirosetta_2.1 has a permissive type (boinc_project_t). This access was not denied.] Attachments with copys of the full reports will follow shortly
Created attachment 438294 [details] Various Selinux denial events Various Selinux denial events
Fixed in Fixed in selinux-policy-3.7.19-47.fc13.
selinux-policy-3.7.19-47.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-47.fc13
selinux-policy-3.7.19-47.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-47.fc13
selinux-policy-3.7.19-47.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.