Summary: SELinux is preventing /bin/bash "search" access on /home. Detailed Description: SELinux denied access requested by sh. It is not expected that this access is required by sh and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:nut_upsmon_t:s0 Target Context system_u:object_r:home_root_t:s0 Target Objects /home [ dir ] Source sh Source Path /bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.1.7-1.fc13 Target RPM Packages filesystem-2.4.31-1.fc13 Policy RPM selinux-policy-3.7.19-44.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.6-147.2.4.fc13.x86_64 #1 SMP Fri Jul 23 17:14:44 UTC 2010 x86_64 x86_64 Alert Count 4 First Seen Mon 16 Aug 2010 03:28:01 PM CEST Last Seen Mon 16 Aug 2010 03:29:31 PM CEST Local ID 1f536d28-e82b-4f50-89b5-a6e66d3d9cdb Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1281965371.652:13031): avc: denied { search } for pid=4181 comm="sh" name="home" dev=dm-0 ino=999425 scontext=unconfined_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1281965371.652:13031): arch=c000003e syscall=4 success=no exit=-13 a0=b6e490 a1=7fffe426a980 a2=7fffe426a980 a3=339ab28910 items=0 ppid=4178 pid=4181 auid=500 uid=57 gid=57 euid=57 suid=57 fsuid=57 egid=57 sgid=57 fsgid=57 tty=(none) ses=29 comm="sh" exe="/bin/bash" subj=unconfined_u:system_r:nut_upsmon_t:s0 key=(null) Hash String generated from catchall,sh,nut_upsmon_t,home_root_t,dir,search audit2allow suggests: #============= nut_upsmon_t ============== allow nut_upsmon_t home_root_t:dir search;
Related to bug #624440: same reporter, same conf (actually same machine), but a different AVC.
Sorry. I probable launched some parts of ups by hand, during the installation of mgeopt-psp. That would explain the AVCs. I have rebooted, and upsd started without any AVCs in ausearch -m acs -ts recent.