Summary: SELinux is preventing /var/lib/boinc/slots/3/dnetc "setpgid" access . Detailed Description: [dnetc has a permissive type (boinc_project_t). This access was not denied.] SELinux denied access requested by dnetc. It is not expected that this access is required by dnetc and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:boinc_project_t:s0 Target Context system_u:system_r:boinc_project_t:s0 Target Objects None [ process ] Source dnetc Source Path /var/lib/boinc/slots/3/dnetc Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.9.7-14.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.35.9-64.fc14.x86_64 #1 SMP Fri Dec 3 12:19:41 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Mon 06 Dec 2010 03:13:09 AM CST Last Seen Mon 06 Dec 2010 03:13:09 AM CST Local ID 5ce186b6-5c4c-42cd-948e-031b5a8b0317 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1291626789.429:75219): avc: denied { setpgid } for pid=548 comm="dnetc" scontext=system_u:system_r:boinc_project_t:s0 tcontext=system_u:system_r:boinc_project_t:s0 tclass=process node=(removed) type=SYSCALL msg=audit(1291626789.429:75219): arch=c000003e syscall=109 per=400000 success=yes exit=0 a0=0 a1=0 a2=224 a3=7fffa444de00 items=0 ppid=528 pid=548 auid=0 uid=468 gid=450 euid=468 suid=468 fsuid=468 egid=450 sgid=450 fsgid=450 tty=(none) ses=259 comm="dnetc" exe="/var/lib/boinc/slots/3/dnetc" subj=system_u:system_r:boinc_project_t:s0 key=(null) Hash String generated from catchall,dnetc,boinc_project_t,boinc_project_t,process,setpgid audit2allow suggests: #============= boinc_project_t ============== allow boinc_project_t self:process setpgid;
Will add.
Fixed in selinux-policy-3.9.7-16.fc14
selinux-policy-3.9.7-16.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-16.fc14
selinux-policy-3.9.7-16.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-16.fc14
I tried running the command you sent in the email and this is the message I get in return: [user@systemname ~]$ su -c 'yum --enablerepo=updates-testing update selinux-policy' Password: Loaded plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit Adding en_US to language list Found 51 installed debuginfo package(s) Enabling updates-testing-debuginfo: Fedora 14 - x86_64 - Test Updates Debug Setting up Update Process No Packages marked for Update [user@systemname ~]$ So I came to this website and tried to install the package with kpackage and this is the error I get: selinux-policy-targeted-3.9.7-14.fc14.noarch requires selinux-policy = 3.9.7-14.fc14 Dewayne
Dewayne, download selinux-policy-3.9.7-14.fc14.noarch also
I did. I have tried, this is what I get: [root@Ssystemname]# yum install selinux-policy-3.9.7-14.fc14.noarch Loaded plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit Adding en_US to language list Found 51 installed debuginfo package(s) Enabling updates-testing-debuginfo: Fedora 14 - x86_64 - Test Updates Debug Setting up Install Process Package selinux-policy-3.9.7-14.fc14.noarch already installed and latest version Nothing to do [root@systemname]# Dewayne
If you install policy by hand from koji, you need to download both selinux-policy selinux-policy-targeted packages. So http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.9.7/16.fc14/noarch/selinux-policy-3.9.7-16.fc14.noarch.rpm http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.9.7/16.fc14/noarch/selinux-policy-targeted-3.9.7-16.fc14.noarch.rpm But this release should be in testing repo.
selinux-policy-3.9.7-16.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.