Hide Forgot
Summary: SELinux is preventing /usr/libexec/gconf-sanity-check-2 "remove_name" access on gconf-test-locking-file-5T1FPV. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by gconf-sanity-ch. It is not expected that this access is required by gconf-sanity-ch and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c102 3 Target Context system_u:object_r:tmp_t:s0 Target Objects gconf-test-locking-file-5T1FPV [ dir ] Source gconf-sanity-ch Source Path /usr/libexec/gconf-sanity-check-2 Port <Unknown> Host (removed) Source RPM Packages GConf2-gtk-2.28.1-1.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-69.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.34.7-61.fc13.i686 #1 SMP Tue Oct 19 04:42:47 UTC 2010 i686 i686 Alert Count 2 First Seen Thu 20 Jan 2011 10:51:23 PM MST Last Seen Thu 20 Jan 2011 10:51:23 PM MST Local ID 93bdffc0-c4d2-48b8-9fa7-79fb37f55637 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1295589083.716:25893): avc: denied { remove_name } for pid=1842 comm="gconf-sanity-ch" name="gconf-test-locking-file-5T1FPV" dev=dm-0 ino=5454 scontext=sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1295589083.716:25893): avc: denied { unlink } for pid=1842 comm="gconf-sanity-ch" name="gconf-test-locking-file-5T1FPV" dev=dm-0 ino=5454 scontext=sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 tcontext=sysadm_u:object_r:tmp_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1295589083.716:25893): arch=40000003 syscall=10 success=yes exit=0 a0=94f6dc8 a1=6 a2=93e248 a3=1 items=0 ppid=1767 pid=1842 auid=500 uid=500 gid=493 euid=500 suid=500 fsuid=500 egid=493 sgid=493 fsgid=493 tty=(none) ses=1 comm="gconf-sanity-ch" exe="/usr/libexec/gconf-sanity-check-2" subj=sysadm_u:sysadm_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,gconf-sanity-ch,oddjob_mkhomedir_t,tmp_t,dir,remove_name audit2allow suggests: #============= oddjob_mkhomedir_t ============== allow oddjob_mkhomedir_t tmp_t:dir remove_name; allow oddjob_mkhomedir_t tmp_t:file unlink;
*** This bug has been marked as a duplicate of bug 671607 ***