Summary: SELinux is preventing /bin/su "dac_override" access . Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by su. It is not expected that this access is required by su and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context mauricio:user_r:user_t:s0-s0:c0.c1023 Target Context mauricio:user_r:user_t:s0-s0:c0.c1023 Target Objects None [ capability ] Source su Source Path /bin/su Port <Unknown> Host (removed) Source RPM Packages coreutils-8.4-6.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-69.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.34.7-61.fc13.i686 #1 SMP Tue Oct 19 04:42:47 UTC 2010 i686 i686 Alert Count 7 First Seen Wed 01 Dec 2010 11:22:38 PM MST Last Seen Wed 01 Dec 2010 11:30:03 PM MST Local ID 2ba1393a-a23f-423d-8d37-31d3d9b17c06 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1291271403.568:25536): avc: denied { dac_override } for pid=2265 comm="su" capability=1 scontext=mauricio:user_r:user_t:s0-s0:c0.c1023 tcontext=mauricio:user_r:user_t:s0-s0:c0.c1023 tclass=capability node=(removed) type=AVC msg=audit(1291271403.568:25536): avc: denied { write } for pid=2265 comm="su" name="root" dev=dm-0 ino=307 scontext=mauricio:user_r:user_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1291271403.568:25536): avc: denied { remove_name } for pid=2265 comm="su" name=".xauthOiZblZ" dev=dm-0 ino=5748 scontext=mauricio:user_r:user_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1291271403.568:25536): arch=40000003 syscall=10 success=yes exit=0 a0=8e54440 a1=8e0ea9e a2=f2e120 a3=8dfc878 items=0 ppid=1 pid=2265 auid=500 uid=500 gid=493 euid=0 suid=0 fsuid=0 egid=493 sgid=493 fsgid=493 tty=(none) ses=1 comm="su" exe="/bin/su" subj=mauricio:user_r:user_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,su,user_t,user_t,capability,dac_override audit2allow suggests: #============= user_t ============== #!!!! The source type 'user_t' can write to a 'dir' of the following types: # gpg_pinentry_tmp_t, sandbox_file_type, tmp_t, httpd_user_content_t, user_home_dir_t, user_tmpfs_t, screen_var_run_t, mail_spool_t, mqueue_spool_t, tmpfs_t, gpg_agent_tmp_t, sandbox_file_type, user_tmp_t, httpd_user_script_exec_t, user_home_type, user_fonts_t, user_fonts_config_t, nfsd_rw_t, httpd_user_ra_content_t, httpd_user_rw_content_t, user_fonts_cache_t, screen_home_t, sshd_tmp_t, xdm_tmp_t, noxattrfs, dosfs_t allow user_t admin_home_t:dir { write remove_name }; allow user_t self:capability dac_override;
*** This bug has been marked as a duplicate of bug 659145 ***