Description of problem:
Konqueror currently crashes with SIGSEGV when trying to use Konqueror in an SELinux sandbox.

selinux-policy-targeted-3.9.7-7.fc14.noarch

AVC denials:
-------
% sudo tail -f /var/log/audit/audit.log | grep denied
[sudo] password for root:
type=AVC msg=audit(1289651323.480:30783): avc: denied { read } for pid=5753 comm="kio_http_cache_" name="http" dev=dm-1 ino=152058 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c135,c450 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1289651329.102:30784): avc: denied { unlink } for pid=5753 comm="kio_http_cache_" name="f556d57b7399dc1ff449a6d559b294c6386e212d" dev=dm-1 ino=142067 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c135,c450 tcontext=staff_u:object_r:user_tmp_t:s0:c135,c450 tclass=file
type=AVC msg=audit(1289651635.146:30791): avc: denied { read write } for pid=5859 comm="konqueror" name="icon-cache.kcache" dev=dm-1 ino=135904 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1289651635.146:30791): avc: denied { open } for pid=5859 comm="konqueror" name="icon-cache.kcache" dev=dm-1 ino=135904 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1289651635.291:30792): avc: denied { connectto } for pid=5873 comm="kded4" path=002F746D702F66616D2D6361726C2D000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=AVC msg=audit(1289651635.304:30793): avc: denied { read } for pid=5874 comm="kbuildsycoca4" name="ksycoca4" dev=dm-1 ino=156390 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c114,c991 tclass=file
type=AVC msg=audit(1289651635.305:30794): avc: denied { open } for pid=5874 comm="kbuildsycoca4" name="ksycoca4" dev=dm-1 ino=156390 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c114,c991 tclass=file
type=AVC msg=audit(1289651635.411:30795): avc: denied { execute_no_trans } for pid=5908 comm="sh" path="/usr/lib64/kconf_update_bin/plasma-to-plasma-desktop" dev=dm-1 ino=671573 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=AVC msg=audit(1289651636.994:30796): avc: denied { write } for pid=6082 comm="kio_http" name="http" dev=dm-1 ino=152058 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1289651636.994:30796): avc: denied { add_name } for pid=6082 comm="kio_http" name="f2686c83cb487a2814ce40ef6f818e031be58063.nn6082" scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1289651636.994:30796): avc: denied { create } for pid=6082 comm="kio_http" name="f2686c83cb487a2814ce40ef6f818e031be58063.nn6082" scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c460,c691 tclass=file
type=AVC msg=audit(1289651636.994:30796): avc: denied { read write open } for pid=6082 comm="kio_http" name="f2686c83cb487a2814ce40ef6f818e031be58063.nn6082" dev=dm-1 ino=131878 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c460,c691 tclass=file
type=AVC msg=audit(1289651637.061:30797): avc: denied { remove_name } for pid=6082 comm="kio_http" name="f2686c83cb487a2814ce40ef6f818e031be58063.nn6082" dev=dm-1 ino=131878 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1289651637.061:30797): avc: denied { rename } for pid=6082 comm="kio_http" name="f2686c83cb487a2814ce40ef6f818e031be58063.nn6082" dev=dm-1 ino=131878 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c460,c691 tclass=file
type=AVC msg=audit(1289651637.150:30798): avc: denied { read } for pid=6082 comm="kio_http" name="01724794ecfb394e7941675483a6dc4dd86211a3" dev=dm-1 ino=136051 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c135,c450 tclass=file
type=AVC msg=audit(1289651637.150:30798): avc: denied { open } for pid=6082 comm="kio_http" name="01724794ecfb394e7941675483a6dc4dd86211a3" dev=dm-1 ino=136051 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c135,c450 tclass=file
type=AVC msg=audit(1289651637.229:30799): avc: denied { write } for pid=6087 comm="kio_http_cache_" name="01724794ecfb394e7941675483a6dc4dd86211a3" dev=dm-1 ino=136051 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c135,c450 tclass=file
type=AVC msg=audit(1289651637.229:30800): avc: denied { read } for pid=6087 comm="kio_http_cache_" name="http" dev=dm-1 ino=152058 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1289651637.272:30801): avc: denied { unlink } for pid=6087 comm="kio_http_cache_" name="30de6431ee684f6f3f04b2d3f639c92225d7ba40" dev=dm-1 ino=156223 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1289651637.815:30802): avc: denied { name_connect } for pid=6092 comm="kio_http" dest=5000 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=system_u:object_r:commplex_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1289651650.916:30803): avc: denied { unlink } for pid=6092 comm="kio_http" name="1713b471727ceb17cf418559aa750f4107f11eac" dev=dm-1 ino=132060 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1289651652.100:30804): avc: denied { read } for pid=6085 comm="kio_http" name="39172552f6c65a554a37a1476b0bd2c4898ea7d4" dev=dm-1 ino=143196 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1289651652.100:30804): avc: denied { open } for pid=6085 comm="kio_http" name="39172552f6c65a554a37a1476b0bd2c4898ea7d4" dev=dm-1 ino=143196 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1289651652.250:30805): avc: denied { write } for pid=6087 comm="kio_http_cache_" name="39172552f6c65a554a37a1476b0bd2c4898ea7d4" dev=dm-1 ino=143196 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file

% sandbox -t sandbox_web_t -X konqueror

Are those files located in /var/tmp?
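
A small triage helper for denials like the ones in this report, added here as an example and not part of the original bug thread: it parses each AVC record and tallies denials by command, object class, target type, and whether the target's MCS categories match those of the sandboxed process. The function names are this example's own, and the sample is three records copied from the log above; category ranges such as c0.c1023 are compared as literal text rather than expanded.

```python
import re
from collections import Counter

# Sample input: three denial records copied from the report above.
SAMPLE = """\
type=AVC msg=audit(1289651323.480:30783): avc: denied { read } for pid=5753 comm="kio_http_cache_" name="http" dev=dm-1 ino=152058 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c135,c450 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1289651329.102:30784): avc: denied { unlink } for pid=5753 comm="kio_http_cache_" name="f556d57b7399dc1ff449a6d559b294c6386e212d" dev=dm-1 ino=142067 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c135,c450 tcontext=staff_u:object_r:user_tmp_t:s0:c135,c450 tclass=file
type=AVC msg=audit(1289651635.304:30793): avc: denied { read } for pid=5874 comm="kbuildsycoca4" name="ksycoca4" dev=dm-1 ino=156390 scontext=staff_u:staff_r:sandbox_web_client_t:s0:c460,c691 tcontext=staff_u:object_r:user_tmp_t:s0:c114,c991 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial plus its permission list, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    return rec

def categories(context):
    """Category set of a context user:role:type:level[:categories]; empty if none."""
    parts = context.split(':', 4)
    return frozenset(parts[4].split(',')) if len(parts) == 5 else frozenset()

def triage(lines):
    """Count denials per (comm, tclass, target type, category relation)."""
    summary = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or 'scontext' not in rec or 'tcontext' not in rec:
            continue
        src, tgt = categories(rec['scontext']), categories(rec['tcontext'])
        # 'same': identical sets; 'none': target has no categories; 'other': a different set
        relation = 'same' if src == tgt else ('none' if not tgt else 'other')
        ttype = rec['tcontext'].split(':')[2]
        summary[(rec.get('comm', '?'), rec.get('tclass', '?'), ttype, relation)] += 1
    return summary

if __name__ == '__main__':
    for key, count in sorted(triage(SAMPLE.splitlines()).items()):
        print(count, *key)
```

Most of these records carry only `name=` and `ino=`, not a full path, so the location of each file has to be resolved separately from the inode number on the device given in `dev=`.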