Summary: SELinux is preventing /bin/bash "execute_no_trans" access on /lib/upstart/shutdown. Detailed Description: SELinux denied access requested by ck-system-stop. It is not expected that this access is required by ck-system-stop and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:consolekit_t:s0-s0:c0.c1023 Target Context system_u:object_r:lib_t:s0 Target Objects /lib/upstart/shutdown [ file ] Source ck-system-stop Source Path /bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.1.7-3.fc14 Target RPM Packages upstart-0.6.5-7.fc14 Policy RPM selinux-policy-3.8.8-3.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.35-0.56.rc6.git1.fc14.x86_64 #1 SMP Sat Jul 24 00:49:49 UTC 2010 x86_64 x86_64 Alert Count 5 First Seen Mon 26 Jul 2010 09:56:28 PM CLT Last Seen Tue 27 Jul 2010 10:49:29 AM CLT Local ID 715c72eb-2eb1-47e4-ace8-82fe4220bb2a Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1280242169.668:631): avc: denied { execute_no_trans } for pid=3811 comm="ck-system-stop" path="/lib/upstart/shutdown" dev=dm-0 ino=1024005 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1280242169.668:631): arch=c000003e syscall=59 success=no exit=-13 a0=14dcb50 a1=14dafd0 a2=14dab60 a3=20 items=0 ppid=3810 pid=3811 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ck-system-stop" exe="/bin/bash" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,ck-system-stop,consolekit_t,lib_t,file,execute_no_trans audit2allow suggests: #============= consolekit_t ============== allow consolekit_t lib_t:file execute_no_trans;
yum update selinux-policy restorecon /lib/upstart/shutdown /lib/upstart/shutdown system_u:object_r:shu
# ls -lZ /lib/upstart/shutdown -rwxr-xr-x. root root system_u:object_r:shutdown_exec_t:s0 /lib/upstart/shutdown selinux-policy-3.8.8-10.fc14.noarch selinux-policy-targeted-3.8.8-10.fc14.noarch No mention of upstart in /var/log/audit/audit.log
Sot it should work fine now. The bug happened in July
Should I close it? I'm on systemd right now...