Summary:

SELinux is preventing /lib64/ld-2.11.2.so "search" access on admin-serv.

Detailed Description:

[start-ds-admin has a permissive type (dirsrvadmin_t). This access was not denied.]

SELinux denied access requested by ld-linux-x86-64. It is not expected that this access is required by ld-linux-x86-64 and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                unconfined_u:system_r:dirsrvadmin_t:s0
Target Context                system_u:object_r:dirsrvadmin_config_t:s0
Target Objects                admin-serv [ dir ]
Source                        start-ds-admin
Source Path                   /bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           glibc-2.11.2-1
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-121.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux localhost.localdomain 2.6.32.21-168.fc12.x86_64 #1 SMP Wed Sep 15 16:12:07 UTC 2010 x86_64 x86_64
Alert Count                   216
First Seen                    Wed 22 Sep 2010 11:56:56 AM EDT
Last Seen                     Wed 22 Sep 2010 12:06:33 PM EDT
Local ID                      5fd52e86-6ccb-402f-94ae-c95f840f69e9
Line Numbers

Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1285171593.134:22196): avc: denied { search } for pid=3774 comm="ld-linux-x86-64" name="admin-serv" dev=dm-0 ino=135065 scontext=unconfined_u:system_r:dirsrvadmin_t:s0 tcontext=system_u:object_r:dirsrvadmin_config_t:s0 tclass=dir

node=localhost.localdomain type=SYSCALL msg=audit(1285171593.134:22196): arch=c000003e syscall=2 success=yes exit=128 a0=7fffdd4302e0 a1=0 a2=0 a3=ffffffff items=0 ppid=3772 pid=3774 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="ld-linux-x86-64" exe="/lib64/ld-2.11.2.so" subj=unconfined_u:system_r:dirsrvadmin_t:s0 key=(null)

Hash String generated from catchall,start-ds-admin,dirsrvadmin_t,dirsrvadmin_config_t,dir,search

audit2allow suggests:

#============= dirsrvadmin_t ==============
allow dirsrvadmin_t dirsrvadmin_config_t:dir search;

Reinstalled Fedora 12 using the updates repo during the install and none of the AVC bugs reappeared. There may have been a policy update I was missing.