SELinux is preventing /usr/bin/gok from 'read' accesses on the directory /var/cvs. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that gok should be allowed read access on the cvs directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep /usr/bin/gok /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:cvs_data_t:s0 Target Objects /var/cvs [ dir ] Source gok Source Path /usr/bin/gok Port <Unbekannt> Host (removed) Source RPM Packages gok-2.30.0-1.fc14 Target RPM Packages cvs-1.11.23-11.fc14 Policy RPM selinux-policy-3.9.7-19.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.35.10-74.fc14.i686 #1 SMP Thu Dec 23 16:17:40 UTC 2010 i686 i686 Alert Count 2 First Seen Mo 03 Jan 2011 20:25:37 CET Last Seen Mo 03 Jan 2011 20:26:45 CET Local ID 8e74eaee-059b-4261-b17b-355e8ae05aff Raw Audit Messages type=AVC msg=audit(1294082805.601:168): avc: denied { read } for pid=18936 comm="gok" name="cvs" dev=dm-1 ino=395813 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cvs_data_t:s0 tclass=dir gok,xdm_t,cvs_data_t,dir,read type=SYSCALL msg=audit(1294082805.601:168): arch=i386 syscall=open success=no exit=EACCES a0=b0a012c0 a1=8000 a2=0 a3=0 items=0 ppid=1 pid=18936 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm=gok exe=/usr/bin/gok subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) gok,xdm_t,cvs_data_t,dir,read #============= xdm_t ============== allow xdm_t cvs_data_t:dir read;
You can dontaudit it using # grep gok /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp
*** This bug has been marked as a duplicate of bug 643271 ***