Summary: SELinux is preventing /var/lib/boinc/projects/climateprediction.net/hadsm3_6.08_i686-pc-linux-gnu "read" access on fifo_file. Detailed Description: [hadsm3_6.08_i68 has a permissive type (boinc_project_t). This access was not denied.] SELinux denied access requested by hadsm3_6.08_i68. It is not expected that this access is required by hadsm3_6.08_i68 and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:boinc_project_t:s0 Target Context system_u:system_r:boinc_project_t:s0 Target Objects fifo_file [ fifo_file ] Source hadsm3_6.08_i68 Source Path hadsm3_6.08_i68 Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.7.19-44.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.6-147.2.4.fc13.i686.PAE #1 SMP Fri Jul 23 17:21:06 UTC 2010 i686 i686 Alert Count 2 First Seen ma. 16. aug. 2010 kl. 17.00 +0000 Last Seen ma. 16. aug. 2010 kl. 17.00 +0000 Local ID c0495c37-65a3-4ba0-b260-5c17fd930325 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1281970845.461:20156): avc: denied { read } for pid=15750 comm="hadsm3_6.08_i68" path="pipe:[2657433]" dev=pipefs ino=2657433 scontext=system_u:system_r:boinc_project_t:s0 tcontext=system_u:system_r:boinc_project_t:s0 tclass=fifo_file node=(removed) type=SYSCALL msg=audit(1281970845.461:20156): arch=40000003 syscall=3 success=yes exit=148 a0=8 a1=85eb234 a2=94 a3=819dcc0 items=0 ppid=15748 pid=15750 auid=0 uid=494 gid=490 euid=494 suid=494 fsuid=494 egid=490 sgid=490 fsgid=490 tty=(none) ses=41 comm="hadsm3_6.08_i68" exe="/var/lib/boinc/projects/climateprediction.net/hadsm3_6.08_i686-pc-linux-gnu" subj=system_u:system_r:boinc_project_t:s0 key=(null) Hash String generated from catchall,hadsm3_6.08_i68,boinc_project_t,boinc_project_t,fifo_file,read audit2allow suggests: #============= boinc_project_t ============== allow boinc_project_t self:fifo_file read;
It was fixed in selinux-policy-3.7.19-47.fc13.noarch. Updated packages are now available from update repo. yum update selinux-policy-targeted