Happens when doing "cobbler check". Summary: SELinux is preventing /bin/bash "execute" access on /usr/sbin/semanage. Detailed Description: SELinux denied access requested by sh. It is not expected that this access is required by sh and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:cobblerd_t:s0 Target Context system_u:object_r:semanage_exec_t:s0 Target Objects /usr/sbin/semanage [ file ] Source sh Source Path /bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.1.7-1.fc13 Target RPM Packages policycoreutils-python-2.0.82-31.fc13 Policy RPM selinux-policy-3.7.19-37.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64 Alert Count 2 First Seen Fri 23 Jul 2010 09:11:08 AM EDT Last Seen Fri 23 Jul 2010 09:11:08 AM EDT Local ID 6f820525-19eb-41a2-966e-0ee895deb5f9 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1279890668.369:29615): avc: denied { execute } for pid=12834 comm="sh" name="semanage" dev=dm-0 ino=24446 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1279890668.369:29615): arch=c000003e syscall=59 success=no exit=-13 a0=125de10 a1=125dee0 a2=125cb30 a3=20 items=0 ppid=12832 pid=12834 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=12 comm="sh" exe="/bin/bash" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null) Hash String generated from catchall,sh,cobblerd_t,semanage_exec_t,file,execute audit2allow suggests: #============= cobblerd_t ============== allow cobblerd_t semanage_exec_t:file execute;
*** This bug has been marked as a duplicate of bug 617573 ***