Summary:

SELinux is preventing /usr/bin/updatedb "getattr" access on /mnt/sysroot/etc/udev/rules.d.

Detailed Description:

SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:locate_t:s0-s0:c0.c1023
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                /mnt/sysroot/etc/udev/rules.d [ dir ]
Source                        updatedb
Source Path                   /usr/bin/updatedb
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           mlocate-0.22.4-1.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-39.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.6-147.fc13.x86_64 #1 SMP Tue Jul 6 22:32:17 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Wed 28 Jul 2010 03:50:17 AM MDT
Last Seen                     Wed 28 Jul 2010 03:50:17 AM MDT
Local ID                      6e3d47e6-fba9-4518-ad8b-9aaae6d40361
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1280310617.780:900): avc: denied { getattr } for pid=19349 comm="updatedb" path="/mnt/sysroot/etc/udev/rules.d" dev=dm-4 ino=1048604 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1280310617.780:900): arch=c000003e syscall=6 success=no exit=-13 a0=244d7f9 a1=7fff27735390 a2=7fff27735390 a3=38041285b0 items=0 ppid=19343 pid=19349 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=138 comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,updatedb,locate_t,unlabeled_t,dir,getattr

audit2allow suggests:

#============= locate_t ==============
allow locate_t unlabeled_t:dir getattr;

This looks like local customization. What file system is mounted at /mnt/sysroot? Is this a file system from a labeled disk?
Yes - it was a temporary mount to an ext4 partition containing a rawhide image (I've set my machine up for dual boot, and was trying to do an off-line repair for an issue in my rawhide boot), so I guess it would be okay to close this out as not a bug, since it won't affect default installs. Meanwhile, I should probably tweak my updatedb settings to ignore cross-mounted images (as locate should only find programs accessible to the current OS, and not the disk images of other OSs that I have temporarily mounted).
Yes, the problem here is labels in Rawhide are not understood in F13. So it is complaining about the label.