Summary: SELinux is preventing prelink "read" access on /root. Detailed Description: SELinux denied access requested by prelink. It is not expected that this access is required by prelink and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:prelink_cron_system_t:s0-s0:c0.c 1023 Target Context system_u:object_r:admin_home_t:s0 Target Objects /root [ dir ] Source prelink Source Path prelink Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages filesystem-2.4.31-1.fc13 Policy RPM selinux-policy-3.7.19-44.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.6-147.fc13.i686 #1 SMP Sun Jul 11 08:42:03 UTC 2010 i686 i686 Alert Count 1 First Seen Thu 12 Aug 2010 06:48:11 PM CEST Last Seen Thu 12 Aug 2010 06:48:11 PM CEST Local ID 1e9a70e1-7c14-4882-a28b-75a47155573f Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1281631691.293:22909): avc: denied { read } for pid=6863 comm="prelink" path="/root" dev=dm-2 ino=106290 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir No idea why prelink wanted to prelink in /root... Hash String generated from catchall,prelink,prelink_cron_system_t,admin_home_t,dir,read audit2allow suggests: #============= prelink_cron_system_t ============== allow prelink_cron_system_t admin_home_t:dir read;
Miroslav, I added userdom_dontaudit_list_admin_dir(prelink_cron_system_t)
*** This bug has been marked as a duplicate of bug 621842 ***