SELinux is preventing /usr/libexec/telepathy-gabble from 'remove_name' accesses on the directory caps-cache.db-journal.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that telepathy-gabble should be allowed remove_name access on the caps-cache.db-journal directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep telepathy-gabbl /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:telepathy_gabble_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                caps-cache.db-journal [ dir ]
Source                        telepathy-gabbl
Source Path                   /usr/libexec/telepathy-gabble
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           telepathy-gabble-0.11.8-1.fc15
Target RPM Packages
Policy RPM                    selinux-policy-3.9.16-6.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux valhalla.rhi.hi.is 2.6.38.2-9.fc15.x86_64 #1 SMP Wed Mar 30 16:55:57 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 31 Mar 2011 12:44:23 PM GMT
Last Seen                     Thu 31 Mar 2011 12:44:23 PM GMT
Local ID                      f1590c6d-3b1e-4699-8247-e00a5574d13a

Raw Audit Messages
type=AVC msg=audit(1301575463.996:312): avc: denied { remove_name } for pid=30049 comm="telepathy-gabbl" name="caps-cache.db-journal" dev=dm-3 ino=2228740 scontext=unconfined_u:unconfined_r:telepathy_gabble_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir

type=AVC msg=audit(1301575463.996:312): avc: denied { unlink } for pid=30049 comm="telepathy-gabbl" name="caps-cache.db-journal" dev=dm-3 ino=2228740 scontext=unconfined_u:unconfined_r:telepathy_gabble_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

type=SYSCALL msg=audit(1301575463.996:312): arch=x86_64 syscall=unlink success=yes exit=0 a0=110626f a1=110626f a2=0 a3=0 items=0 ppid=1 pid=30049 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=telepathy-gabbl exe=/usr/libexec/telepathy-gabble subj=unconfined_u:unconfined_r:telepathy_gabble_t:s0-s0:c0.c1023 key=(null)

Hash: telepathy-gabbl,telepathy_gabble_t,user_home_t,dir,remove_name

audit2allow

#============= telepathy_gabble_t ==============
allow telepathy_gabble_t user_home_t:dir remove_name;
allow telepathy_gabble_t user_home_t:file unlink;

audit2allow -R

#============= telepathy_gabble_t ==============
allow telepathy_gabble_t user_home_t:dir remove_name;
allow telepathy_gabble_t user_home_t:file unlink;
Where is caps-cache.db-journal in your homedir? Could you run

restorecon -R -v ~/

and see if this changes any labels related to this avc?
/home/johannbg/.cache/wocky/caps/caps-cache.db is what I find.

Looks like a change compared to F14 in telepathy:

/share/F14Backup/johannbg/.cache/telepathy/gabble/caps-cache.db
What is the wocky and caps directory?
I am not sure about wocky (must be new in fedora 15's gabble), but caps is confirmed here:

ls -alZ ~/.cache/telepathy/gabble
drwxr-xr-x. dgrift dgrift staff_u:object_r:tp_gabble_cache_home_t:s0 .
drwx------. dgrift dgrift staff_u:object_r:tp_cache_home_t:s0 ..
-rw-r--r--. dgrift dgrift staff_u:object_r:tp_gabble_cache_home_t:s0 caps-cache.db

logger also dumps stuff in ~/.cache/telepathy:

ls -alZ ~/.cache/telepathy/
drwx------. dgrift dgrift staff_u:object_r:tp_cache_home_t:s0 .
drwx------. dgrift dgrift staff_u:object_r:cache_home_t:s0 ..
drwx------. dgrift dgrift staff_u:object_r:empathy_cache_home_t:s0 avatars
drwxr-xr-x. dgrift dgrift staff_u:object_r:tp_gabble_cache_home_t:s0 gabble
drwx------. dgrift dgrift staff_u:object_r:tp_logger_cache_home_t:s0 logger

HOME_DIR/\.mission-control(/.*)?          gen_context(system_u:object_r:tp_mission_control_home_t,s0)
HOME_DIR/\.cache/\.mc_connections    --   gen_context(system_u:object_r:tp_mission_control_cache_home_t,s0)
HOME_DIR/\.cache/telepathy(/.*)?          gen_context(system_u:object_r:tp_cache_home_t,s0)
HOME_DIR/\.cache/telepathy/gabble(/.*)?   gen_context(system_u:object_r:tp_gabble_cache_home_t,s0)
HOME_DIR/\.cache/telepathy/logger(/.*)?   gen_context(system_u:object_r:tp_logger_cache_home_t,s0)
HOME_DIR/\.local/share/TpLogger(/.*)?     gen_context(system_u:object_r:tp_logger_data_home_t,s0)

Question is: Why is ~/.cache labelled user_home_t instead of cache_home_t in this bugzilla?
Looks like some labelling issue at the least (user_home_t vs. cache_home_t).

Looks like the home directory is in a different location?

/share/F14Backup/johannbg/.cache/

Might be related to restorecond -u.
"Wocky: an XMPP library that is built entirely asynchronously, makes it easier to provide more modern XMPP features, and takes advantage of the latest GLib features, such as gnio. Wocky source is directly in the gabble tree (via a git submodule). " http://telepathy.freedesktop.org/wiki/Components
Avc denial makes perfect sense. Telepathy is not allowed to delete generic user home content. Let alone manage it. So, some labelling issue must have occurred between creation of these objects and this event of deleting.
There is wocky support in Fedora. You have a labelling issue, I suspect. restorecon -R -v ~/.cache should fix it. This labelling issue was not there before, because if it were, then gabble would not be able to create these files in the first place.
This is a fresh beta-tc1 install as of this morning, fully updated in permissive mode. I've been unsuccessful in recreating the denial after restorecon (quit empathy and started it again); perhaps this got triggered when setting up the googletalk account.
Ok, if it happens again please reopen.
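
The triage this thread arrives at (compare the denied object's actual type with the type the file contexts assign to its path before loading an audit2allow module), as an added example that is not part of the original bug report or of selinux-policy. The `~/.cache` entry, the longest-pattern tie-break and the resolved directory path are assumptions.

```python
import re

# File-context entries in HOME_DIR form. The telepathy ones are quoted in the
# thread; the ~/.cache entry is an ASSUMPTION inferred from the ls -Z output.
FILE_CONTEXTS = [
    (r"HOME_DIR/\.cache(/.*)?", "cache_home_t"),  # assumed entry
    (r"HOME_DIR/\.cache/telepathy(/.*)?", "tp_cache_home_t"),
    (r"HOME_DIR/\.cache/telepathy/gabble(/.*)?", "tp_gabble_cache_home_t"),
    (r"HOME_DIR/\.cache/telepathy/logger(/.*)?", "tp_logger_cache_home_t"),
]

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def expected_type(path, home):
    """Type the entries above assign to path, or None if none matches.
    Longest pattern wins, a simplification of libselinux's ordering."""
    best = None
    for pattern, setype in FILE_CONTEXTS:
        regex = pattern.replace("HOME_DIR", re.escape(home))
        if re.fullmatch(regex, path) and (best is None or len(pattern) > len(best[0])):
            best = (pattern, setype)
    return best[1] if best else None

def triage(avc_line, path, home):
    """Classify a denial: 'relabel' (restorecon) or 'policy' (report/allow)."""
    m = AVC_RE.search(avc_line)
    if m is None:
        raise ValueError("not an AVC denial record")
    actual = selinux_type(m["tcontext"])
    expected = expected_type(path, home)
    verdict = "relabel" if expected and actual != expected else "policy"
    return {"domain": selinux_type(m["scontext"]), "perms": m["perms"].split(),
            "tclass": m["tclass"], "actual": actual, "expected": expected, "verdict": verdict}

# First AVC record from the report. remove_name is checked on the parent
# directory; PATH assumes the journal sat beside the reporter's caps-cache.db.
AVC = ('type=AVC msg=audit(1301575463.996:312): avc: denied { remove_name } for pid=30049 '
       'comm="telepathy-gabbl" name="caps-cache.db-journal" dev=dm-3 ino=2228740 '
       'scontext=unconfined_u:unconfined_r:telepathy_gabble_t:s0-s0:c0.c1023 '
       'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir')
PATH = "/home/johannbg/.cache/wocky/caps"
print(triage(AVC, PATH, "/home/johannbg")["verdict"])
```

On a live system `matchpathcon` gives the authoritative expected context for a path; the table here only mirrors the entries visible in the thread.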