694385 – SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from 'lock' accesses on the file /.config/Trolltech.conf.

Bug 694385 - SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from 'lock' accesses on the file /.config/Trolltech.conf.

Summary: SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from 'lock' accesse...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kde-workspace
Sub Component:
Version:	18
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Than Ngo
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	setroubleshoot_trace_hash:d96fc32da15...
Duplicates (10):	689925 708581 711025 727463 747306 799633 810661 840155 873193 873916 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-04-07 07:45 UTC by Maxim Prohorenko
Modified:	2013-10-05 11:23 UTC (History)
CC List:	40 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-09 06:39:06 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Comment abut the solution. (5.76 KB, application/x-desktop) 2012-05-13 13:07 UTC, Lucelio Gomes de Freitas	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
KDE Software Compilation	249217	0	None	None	None	2012-10-22 18:26:23 UTC

Description Maxim Prohorenko 2011-04-07 07:45:33 UTC

SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from 'lock' accesses on the file /.config/Trolltech.conf.

*****  Plugin catchall_labels (83.8 confidence) suggests  ********************

If you want to allow kcmdatetimehelper to have lock access on the Trolltech.conf file
Then you need to change the label on /.config/Trolltech.conf
Do
# semanage fcontext -a -t FILE_TYPE '/.config/Trolltech.conf'
where FILE_TYPE is one of the following: system_dbusd_var_lib_t, bin_t, cert_t, usr_t, gnomeclock_exec_t, abrt_var_run_t, sssd_public_t, locale_t, etc_t, proc_t, sysctl_crypto_t, system_cronjob_var_lib_t, policykit_var_lib_t, krb5_conf_t, abrt_t, lib_t, shell_exec_t, dbusd_etc_t, userdomain, policykit_reload_t, rpm_script_tmp_t, samba_var_t, net_conf_t, sosreport_tmp_t, etc_runtime_t, rpm_tmp_t, config_usr_t, ld_so_cache_t, consoletype_exec_t, gnomeclock_t, cert_t, net_conf_t. 
Then execute: 
restorecon -v '/.config/Trolltech.conf'


*****  Plugin catchall (17.1 confidence) suggests  ***************************

If you believe that kcmdatetimehelper should be allowed lock access on the Trolltech.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Context                system_u:object_r:default_t:s0
Target Objects                /.config/Trolltech.conf [ file ]
Source                        kcmdatetimehelp
Source Path                   /usr/libexec/kde4/kcmdatetimehelper
Port                          <Неизвестно>
Host                          (removed)
Source RPM Packages           kdebase-workspace-4.6.1-6.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-10.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 2.6.38.2-9.fc15.x86_64
                              #1 SMP Wed Mar 30 16:55:57 UTC 2011 x86_64 x86_64
Alert Count                   2
First Seen                    Пнд 04 Апр 2011 00:40:15
Last Seen                     Пнд 04 Апр 2011 00:41:01
Local ID                      6c474e09-f65f-4d83-854f-47a5d3dfaa17

Raw Audit Messages
type=AVC msg=audit(1301863261.419:438): avc:  denied  { lock } for  pid=17398 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev=dm-1 ino=1310722 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file


type=SYSCALL msg=audit(1301863261.419:438): arch=x86_64 syscall=fcntl success=yes exit=0 a0=3 a1=7 a2=7fff6497af70 a3=e items=0 ppid=17397 pid=17398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

Hash: kcmdatetimehelp,gnomeclock_t,default_t,file,lock

audit2allow

#============= gnomeclock_t ==============
allow gnomeclock_t default_t:file lock;

audit2allow -R

#============= gnomeclock_t ==============
allow gnomeclock_t default_t:file lock;

Comment 1 Miroslav Grepl 2011-04-07 10:26:11 UTC

This is a bug in KDE.

You can allow it for now using

# semanage fcontext -a -e /usr/share/kde4 /.config
# restorecon -R -v /.config

Comment 2 Kevin Kofler 2011-04-07 12:05:07 UTC

Right, this is a bug, writing to /.config is just broken.

Comment 3 nucleo 2011-05-20 23:39:48 UTC

/.config/Trolltech.conf appeared in F14 some time ago but not appears anymore after I removed it but still appears in F15 after removing.

Comment 4 Miroslav Grepl 2011-05-29 20:34:12 UTC

*** Bug 708581 has been marked as a duplicate of this bug. ***

Comment 5 Petri Iivonen 2011-06-02 08:01:10 UTC

Same application, but this is alert for read access, not locking:
SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from read access on the file /.config/Trolltech.conf.

*****  Plugin catchall_labels (83.8 confidence) suggests  ********************

If you want to allow kcmdatetimehelper to have read access on the Trolltech.conf file
Then you need to change the label on /.config/Trolltech.conf
Do
# semanage fcontext -a -t FILE_TYPE '/.config/Trolltech.conf'
where FILE_TYPE is one of the following: consoletype_exec_t, hwclock_exec_t, gnomeclock_t, ntpd_initrc_exec_t, system_dbusd_var_lib_t, policykit_auth_exec_t, ld_so_cache_t, bin_t, cert_t, usr_t, gnomeclock_exec_t, locale_t, sssd_public_t, etc_t, proc_t, system_cronjob_var_lib_t, policykit_var_lib_t, abrt_var_run_t, krb5_conf_t, shell_exec_t, sysctl_crypto_t, dbusd_etc_t, systemd_systemctl_exec_t, userdomain, abrt_t, ntpdate_exec_t, lib_t, afs_cache_t, policykit_reload_t, abrt_helper_exec_t, samba_var_t, ld_so_t, net_conf_t, textrel_shlib_t, etc_runtime_t, config_usr_t, rpm_script_tmp_t, cert_t, net_conf_t. 
Then execute: 
restorecon -v '/.config/Trolltech.conf'


*****  Plugin catchall (17.1 confidence) suggests  ***************************

If you believe that kcmdatetimehelper should be allowed read access on the Trolltech.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Context                system_u:object_r:default_t:s0
Target Objects                /.config/Trolltech.conf [ file ]
Source                        kcmdatetimehelp
Source Path                   /usr/libexec/kde4/kcmdatetimehelper
Port                          <Unknown>
Host                          mainlinux.scom
Source RPM Packages           kdebase-workspace-4.6.3-5.fc15
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-24.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     mainlinux.scom
Platform                      Linux mainlinux.scom 2.6.38.6-27.fc15.x86_64 #1
                              SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64
Alert Count                   2
First Seen                    Wed 01 Jun 2011 17:52:44 BST
Last Seen                     Wed 01 Jun 2011 17:54:09 BST
Local ID                      c11e5afa-79fc-4c01-a5af-c99ec7565b31

Raw Audit Messages
type=AVC msg=audit(1306947249.274:228): avc:  denied  { read } for  pid=12824 comm="kcmdatetimehelp" name="Trolltech.conf" dev=dm-4 ino=2621442 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file


type=SYSCALL msg=audit(1306947249.274:228): arch=x86_64 syscall=open success=no exit=EACCES a0=1e865e8 a1=80000 a2=1b6 a3=0 items=0 ppid=1 pid=12824 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

Hash: kcmdatetimehelp,gnomeclock_t,default_t,file,read

audit2allow

#============= gnomeclock_t ==============
allow gnomeclock_t default_t:file read;

audit2allow -R

#============= gnomeclock_t ==============
allow gnomeclock_t default_t:file read;



Fedora 15 x86_64
kernel 2.6.38.6-27.fc15.x86_64
KDE 4.6.3

Comment 6 Miroslav Grepl 2011-06-02 10:41:44 UTC

Petri, 
please execute

# semanage fcontext -a -e /usr/share/kde4 /.config
# restorecon -R -v /.config

Comment 7 Miroslav Grepl 2011-06-06 16:09:26 UTC

*** Bug 711025 has been marked as a duplicate of this bug. ***

Comment 8 nucleo 2011-06-09 02:47:16 UTC

File /.config/Trolltech.conf not created after I changed and saved settings in "Login Screen" in systemsettings.
But after kdebase-workspace (and kdm) update file /.config/Trolltech.conf created again.

Comment 9 Miroslav Grepl 2011-08-02 11:33:44 UTC

*** Bug 727463 has been marked as a duplicate of this bug. ***

Comment 10 Miroslav Grepl 2011-10-19 13:18:53 UTC

*** Bug 747306 has been marked as a duplicate of this bug. ***

Comment 11 Matt Haedo 2011-11-21 03:00:34 UTC

Bug persists after executing the following:
# semanage fcontext -a -e /usr/share/kde4 /.config
# restorecon -R -v /.config

Comment 12 Miroslav Grepl 2011-11-28 10:49:29 UTC

What AVC are you getting?

Comment 13 Matt Haedo 2011-11-28 14:37:36 UTC

Miroslav, I'm not sure exactly what info would be helpful so I will just post the contents of the SETroubleshoot Details Window for both SELinux alerts:

SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the sock_file log.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that kcmdatetimehelper should be allowed write access on the log sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Context                system_u:object_r:devlog_t:s0
Target Objects                log [ sock_file ]
Source                        kcmdatetimehelp
Source Path                   /usr/libexec/kde4/kcmdatetimehelper
Port                          <Unknown>
Host                          thinkpad.home
Source RPM Packages           kdebase-workspace-4.7.3-12.fc16
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-56.fc16
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     thinkpad.home
Platform                      Linux thinkpad.home 3.1.2-1.fc16.x86_64 #1 SMP Tue
                              Nov 22 09:00:57 UTC 2011 x86_64 x86_64
Alert Count                   4
First Seen                    Sun 20 Nov 2011 04:55:38 PM EST
Last Seen                     Mon 28 Nov 2011 04:30:21 AM EST
Local ID                      d94b422c-6e13-4a70-8c1f-17998b2a151f

Raw Audit Messages
type=AVC msg=audit(1322472621.437:355): avc:  denied  { write } for  pid=6469 comm="kcmdatetimehelp" name="log" dev=devtmpfs ino=8580 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file


type=SYSCALL msg=audit(1322472621.437:355): arch=x86_64 syscall=connect success=no exit=EACCES a0=8 a1=388cdb1820 a2=6e a3=0 items=0 ppid=6468 pid=6469 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

Hash: kcmdatetimehelp,gnomeclock_t,devlog_t,sock_file,write

audit2allow

#============= gnomeclock_t ==============
allow gnomeclock_t devlog_t:sock_file write;

audit2allow -R

#============= gnomeclock_t ==============
allow gnomeclock_t devlog_t:sock_file write;


as well as:

SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the file /.config/Trolltech.conf.

*****  Plugin catchall_labels (83.8 confidence) suggests  ********************

If you want to allow kcmdatetimehelper to have write access on the Trolltech.conf file
Then you need to change the label on /.config/Trolltech.conf
Do
# semanage fcontext -a -t FILE_TYPE '/.config/Trolltech.conf'
where FILE_TYPE is one of the following: gnomeclock_t, afs_cache_t, locale_t, config_usr_t. 
Then execute: 
restorecon -v '/.config/Trolltech.conf'


*****  Plugin catchall (17.1 confidence) suggests  ***************************

If you believe that kcmdatetimehelper should be allowed write access on the Trolltech.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Context                system_u:object_r:usr_t:s0
Target Objects                /.config/Trolltech.conf [ file ]
Source                        kcmdatetimehelp
Source Path                   /usr/libexec/kde4/kcmdatetimehelper
Port                          <Unknown>
Host                          thinkpad.home
Source RPM Packages           kdebase-workspace-4.7.3-12.fc16
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-56.fc16
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     thinkpad.home
Platform                      Linux thinkpad.home 3.1.2-1.fc16.x86_64 #1 SMP Tue
                              Nov 22 09:00:57 UTC 2011 x86_64 x86_64
Alert Count                   5
First Seen                    Sun 20 Nov 2011 04:55:38 PM EST
Last Seen                     Mon 28 Nov 2011 04:30:21 AM EST
Local ID                      407b652d-aaca-464f-956b-72f57bd9e092

Raw Audit Messages
type=AVC msg=audit(1322472621.444:356): avc:  denied  { write } for  pid=6469 comm="kcmdatetimehelp" name="Trolltech.conf" dev=dm-2 ino=3014658 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file


type=SYSCALL msg=audit(1322472621.444:356): arch=x86_64 syscall=open success=no exit=EACCES a0=1f06608 a1=80042 a2=1b6 a3=0 items=0 ppid=6468 pid=6469 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

Hash: kcmdatetimehelp,gnomeclock_t,usr_t,file,write

audit2allow

#============= gnomeclock_t ==============
allow gnomeclock_t usr_t:file write;

audit2allow -R

#============= gnomeclock_t ==============
allow gnomeclock_t usr_t:file write;

Comment 14 Miroslav Grepl 2011-11-28 18:31:07 UTC

I see the bug in my comment, you need to execute

# semanage fcontext -d -e /usr/share/kde4 /.config
# semanage fcontext -a -e /usr/share/config /.config
# restorecon -R -v /.config

Comment 15 Matt Haedo 2011-12-02 08:53:28 UTC

Now I see the following:

SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the sock_file log.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that kcmdatetimehelper should be allowed write access on the log sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Context                system_u:object_r:devlog_t:s0
Target Objects                log [ sock_file ]
Source                        kcmdatetimehelp
Source Path                   /usr/libexec/kde4/kcmdatetimehelper
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           kdebase-workspace-4.7.3-12.fc16
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-56.fc16
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux thinkpad.home 3.1.2-1.fc16.x86_64 #1 SMP Tue
                              Nov 22 09:00:57 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 01 Dec 2011 10:47:07 PM EST
Last Seen                     Thu 01 Dec 2011 10:47:07 PM EST
Local ID                      3f3ed72b-5913-49c9-bc3a-f8df3287aee7

Raw Audit Messages
type=AVC msg=audit(1322797627.975:129): avc:  denied  { write } for  pid=4318 comm="kcmdatetimehelp" name="log" dev=devtmpfs ino=10191 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file


type=SYSCALL msg=audit(1322797627.975:129): arch=x86_64 syscall=connect success=no exit=EACCES a0=8 a1=7f21a9e77820 a2=6e a3=0 items=0 ppid=4317 pid=4318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

Hash: kcmdatetimehelp,gnomeclock_t,devlog_t,sock_file,write

audit2allow

#============= gnomeclock_t ==============
allow gnomeclock_t devlog_t:sock_file write;

audit2allow -R

#============= gnomeclock_t ==============
allow gnomeclock_t devlog_t:sock_file write;

Comment 16 Miroslav Grepl 2011-12-02 09:01:37 UTC

Fixed in selinux-policy-3.9.16-49.fc15

Comment 17 Matt Haedo 2011-12-02 09:11:38 UTC

I am running selinux-policy-3.10.0-56-fc16.

Comment 18 Miroslav Grepl 2011-12-02 09:34:22 UTC

(In reply to comment #17)
> I am running selinux-policy-3.10.0-56-fc16.

Also fixed in selinux-policy-3.10.0-64.fc16. A new build will be done today.

Comment 19 Miroslav Grepl 2012-03-05 09:10:27 UTC

*** Bug 799633 has been marked as a duplicate of this bug. ***

Comment 20 Kevin Kofler 2012-04-09 21:22:58 UTC

*** Bug 810661 has been marked as a duplicate of this bug. ***

Comment 21 Nick Cross 2012-05-09 20:53:19 UTC

I am now seeing this on Fedora 16 as of today. It will not let me change my time zone.

Comment 22 Miroslav Grepl 2012-05-10 07:53:37 UTC

What does

$ rpm -q selinux-policy

$ ausearch -m avc |grep gnomeclock

Comment 23 Nick Cross 2012-05-10 08:04:25 UTC

selinux-policy-3.10.0-84.fc16.noarch

ausearch -m avc |grep gnomeclock
type=SYSCALL msg=audit(1336593340.722:563): arch=c000003e syscall=2 success=no exit=-13 a0=1015f98 a1=80042 a2=1b6 a3=0 items=0 ppid=4619 pid=4620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336593340.722:563): avc:  denied  { write } for  pid=4620 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
type=SYSCALL msg=audit(1336593346.439:566): arch=c000003e syscall=21 success=no exit=-13 a0=10288a8 a1=2 a2=1028801 a3=0 items=0 ppid=1 pid=4620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336593346.439:566): avc:  denied  { write } for  pid=4620 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1336593346.439:567): arch=c000003e syscall=21 success=no exit=-13 a0=10288a8 a1=2 a2=200 a3=7fff9ab359b0 items=0 ppid=1 pid=4620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336593346.439:567): avc:  denied  { write } for  pid=4620 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1336595795.903:49): arch=c000003e syscall=2 success=no exit=-13 a0=17d5df8 a1=80042 a2=1b6 a3=0 items=0 ppid=1920 pid=1921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336595795.903:49): avc:  denied  { write } for  pid=1921 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
type=SYSCALL msg=audit(1336595807.194:53): arch=c000003e syscall=21 success=no exit=-13 a0=17e7558 a1=2 a2=17e7501 a3=0 items=0 ppid=1 pid=1921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336595807.194:53): avc:  denied  { write } for  pid=1921 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1336595807.194:54): arch=c000003e syscall=21 success=no exit=-13 a0=17e7558 a1=2 a2=200 a3=7fff4de860d0 items=0 ppid=1 pid=1921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336595807.194:54): avc:  denied  { write } for  pid=1921 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1336596142.533:59): arch=c000003e syscall=6 success=no exit=-13 a0=90a2e8 a1=7fff9f5b3e60 a2=7fff9f5b3e60 a3=7fff9f5b3bf0 items=0 ppid=2320 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596142.533:59): avc:  denied  { getattr } for  pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336596142.533:60): arch=c000003e syscall=2 success=no exit=-13 a0=90a2e8 a1=80000 a2=1b6 a3=7fff9f5b3bc0 items=0 ppid=2320 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596142.533:60): avc:  denied  { read } for  pid=2321 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336596142.533:61): arch=c000003e syscall=4 success=no exit=-13 a0=911108 a1=7fff9f5b3ed0 a2=7fff9f5b3ed0 a3=0 items=0 ppid=2320 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596142.533:61): avc:  denied  { getattr } for  pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336596142.757:62): arch=c000003e syscall=6 success=no exit=-13 a0=943248 a1=7fff9f5b4450 a2=7fff9f5b4450 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596142.757:62): avc:  denied  { getattr } for  pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336596142.757:63): arch=c000003e syscall=4 success=no exit=-13 a0=94bbb8 a1=7fff9f5b4410 a2=7fff9f5b4410 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596142.757:63): avc:  denied  { getattr } for  pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336596142.757:64): arch=c000003e syscall=2 success=no exit=-13 a0=90a368 a1=800c2 a2=180 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596142.757:64): avc:  denied  { write } for  pid=2321 comm="kcmdatetimehelp" name=".config" dev="dm-2" ino=1441793 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1336596142.757:65): arch=c000003e syscall=2 success=no exit=-13 a0=943248 a1=80000 a2=1b6 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596142.757:65): avc:  denied  { read } for  pid=2321 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336596142.757:66): arch=c000003e syscall=4 success=no exit=-13 a0=94bbb8 a1=7fff9f5b44c0 a2=7fff9f5b44c0 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596142.757:66): avc:  denied  { getattr } for  pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336596146.033:69): arch=c000003e syscall=21 success=no exit=-13 a0=9645d8 a1=2 a2=964501 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596146.033:69): avc:  denied  { write } for  pid=2321 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1336596146.033:70): arch=c000003e syscall=21 success=no exit=-13 a0=9645d8 a1=2 a2=200 a3=7fff9f5b2f20 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336596146.033:70): avc:  denied  { write } for  pid=2321 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1336636593.862:99): arch=c000003e syscall=6 success=no exit=-13 a0=1cd62e8 a1=7fff135c7550 a2=7fff135c7550 a3=7fff135c72e0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636593.862:99): avc:  denied  { getattr } for  pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636593.862:100): arch=c000003e syscall=2 success=no exit=-13 a0=1cd62e8 a1=80000 a2=1b6 a3=7fff135c72b0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636593.862:100): avc:  denied  { read } for  pid=3694 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636593.862:101): arch=c000003e syscall=4 success=no exit=-13 a0=1cdd108 a1=7fff135c75c0 a2=7fff135c75c0 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636593.862:101): avc:  denied  { getattr } for  pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636593.879:102): arch=c000003e syscall=6 success=no exit=-13 a0=1d14e08 a1=7fff135c7b40 a2=7fff135c7b40 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636593.879:102): avc:  denied  { getattr } for  pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636593.879:103): arch=c000003e syscall=4 success=no exit=-13 a0=1d13198 a1=7fff135c7b00 a2=7fff135c7b00 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636593.879:103): avc:  denied  { getattr } for  pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636593.879:104): arch=c000003e syscall=2 success=no exit=-13 a0=1d16f78 a1=800c2 a2=180 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636593.879:104): avc:  denied  { write } for  pid=3694 comm="kcmdatetimehelp" name=".config" dev="dm-2" ino=1441793 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1336636593.879:105): arch=c000003e syscall=2 success=no exit=-13 a0=1d14e08 a1=80000 a2=1b6 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636593.879:105): avc:  denied  { read } for  pid=3694 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636593.879:106): arch=c000003e syscall=4 success=no exit=-13 a0=1d13198 a1=7fff135c7bb0 a2=7fff135c7bb0 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636593.879:106): avc:  denied  { getattr } for  pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636596.928:109): arch=c000003e syscall=21 success=no exit=-13 a0=1d25838 a1=2 a2=1d25801 a3=0 items=0 ppid=1 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636596.928:109): avc:  denied  { write } for  pid=3694 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1336636596.928:110): arch=c000003e syscall=21 success=no exit=-13 a0=1d25838 a1=2 a2=200 a3=7fff135c6610 items=0 ppid=1 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636596.928:110): avc:  denied  { write } for  pid=3694 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1336636647.915:112): arch=c000003e syscall=2 success=no exit=-13 a0=8842e8 a1=80000 a2=1b6 a3=7fff6d4fb350 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636647.915:112): avc:  denied  { read } for  pid=3839 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636647.915:113): arch=c000003e syscall=4 success=no exit=-13 a0=88b108 a1=7fff6d4fb660 a2=7fff6d4fb660 a3=0 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636647.915:113): avc:  denied  { getattr } for  pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636647.915:111): arch=c000003e syscall=6 success=no exit=-13 a0=8842e8 a1=7fff6d4fb5f0 a2=7fff6d4fb5f0 a3=7fff6d4fb380 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636647.915:111): avc:  denied  { getattr } for  pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636647.934:114): arch=c000003e syscall=6 success=no exit=-13 a0=8c1868 a1=7fff6d4fbbe0 a2=7fff6d4fbbe0 a3=0 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636647.934:114): avc:  denied  { getattr } for  pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636647.935:115): arch=c000003e syscall=4 success=no exit=-13 a0=8c30e8 a1=7fff6d4fbba0 a2=7fff6d4fbba0 a3=0 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636647.935:115): avc:  denied  { getattr } for  pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636647.935:116): arch=c000003e syscall=2 success=no exit=-13 a0=8c5318 a1=800c2 a2=180 a3=0 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636647.935:116): avc:  denied  { write } for  pid=3839 comm="kcmdatetimehelp" name=".config" dev="dm-2" ino=1441793 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1336636647.936:117): arch=c000003e syscall=2 success=no exit=-13 a0=8c1868 a1=80000 a2=1b6 a3=0 items=0 ppid=1 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636647.936:117): avc:  denied  { read } for  pid=3839 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636647.936:118): arch=c000003e syscall=4 success=no exit=-13 a0=8c30e8 a1=7fff6d4fbc50 a2=7fff6d4fbc50 a3=0 items=0 ppid=1 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636647.936:118): avc:  denied  { getattr } for  pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1336636651.087:121): arch=c000003e syscall=21 success=no exit=-13 a0=8cf2e8 a1=2 a2=8cf201 a3=0 items=0 ppid=1 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636651.087:121): avc:  denied  { write } for  pid=3839 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1336636651.087:122): arch=c000003e syscall=21 success=no exit=-13 a0=8cf2e8 a1=2 a2=200 a3=7fff6d4fa6b0 items=0 ppid=1 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1336636651.087:122): avc:  denied  { write } for  pid=3839 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir

Comment 24 Lucelio Gomes de Freitas 2012-05-13 13:07:46 UTC

Created attachment 584138 [details]
Comment abut the solution.

The problem was partialy solved. It does the time update and time stays ok. No error or message generated by Selinux. But on next boot the update is lost. Time gets back to one hour ahead.

Comment 25 Kevin Kofler 2012-05-13 13:16:49 UTC

I don't think failing to set the clock has anything to do with the access to /.config, they're unrelated issues.

It's the executing of hwclock which seems to be failing here.

Comment 26 Simon Lewis 2012-06-24 06:01:48 UTC

I am having the same trouble, clock is always one day ahead. I can reset the date but the next time I boot it is again one day ahead...

Comment 27 Miroslav Grepl 2012-07-15 18:14:12 UTC

*** Bug 840155 has been marked as a duplicate of this bug. ***

Comment 28 nucleo 2012-10-22 21:49:33 UTC

After installing qt-4.8.3-5.fc17 file /.config/Trolltech.conf not appears after deleting and reboot.

Comment 29 Fedora Update System 2012-10-23 12:36:50 UTC

qt-4.8.3-5.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/FEDORA-2012-16551/qt-4.8.3-5.fc18

Comment 30 Miroslav Grepl 2012-10-23 12:43:16 UTC

It is great to have a fix for this issue.

Comment 31 Sandro Mathys 2012-10-26 14:47:18 UTC

Tried to change the timezone and enable NTP through the KDE settings GUI.

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)

Comment 32 Rex Dieter 2012-10-26 16:34:35 UTC

Sandro, what version of qt did you test with?  qt-4.8.3-5 or newer (or not)?

Comment 33 Sandro Mathys 2012-10-26 16:43:12 UTC

Wished I could tell but won't have access to that system until Monday anymore :( I'm not even sure whether I've seen the issue before or after updating the system :/ Should have checked the current status after reporting the issue through sealert so I would have noticed the update. Sorry to be of no help here.

Comment 34 Fedora Update System 2012-10-27 22:02:50 UTC

qt-4.8.3-7.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/qt-4.8.3-7.fc16

Comment 35 Fedora Update System 2012-10-27 22:03:14 UTC

qt-4.8.3-7.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/qt-4.8.3-7.fc17

Comment 36 Rex Dieter 2012-11-05 12:51:43 UTC

*** Bug 873193 has been marked as a duplicate of this bug. ***

Comment 37 Fedora Update System 2012-11-06 08:02:53 UTC

qt-4.8.3-7.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 38 Rex Dieter 2012-11-07 14:20:57 UTC

*** Bug 873916 has been marked as a duplicate of this bug. ***

Comment 39 Fedora Update System 2012-11-08 05:37:33 UTC

qt-4.8.3-5.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 40 Fedora Update System 2012-11-15 02:39:43 UTC

qt-4.8.3-7.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 41 Daniel Walsh 2012-11-16 16:48:55 UTC

We seem to be seeing this in F18 again?

Comment 42 Rex Dieter 2012-11-16 16:50:56 UTC

where/how?  using what qt builds?

Comment 43 Rex Dieter 2012-11-16 17:01:57 UTC

In particular, the initial "fix" we're using in builds 4.8.3-5+ borrowed from other distros (not upstreamed yet),

http://pkgs.fedoraproject.org/cgit/qt.git/tree/qt-everywhere-opensource-src-4.8.3-QTBUG-4862.patch

is that calls to

QFileSystemEngine::homePath()

initially simply tried qgetenv("HOME"), and stopped there

The patch tries harder, checks if that's empty, then uses getpwuid-type calls to grok the uid's homedir.

The long and short of it, is the polkit-initiated app-calls that once bailed-out and tried to use / to store root files, should properly hit /root now

If that's not working, the mystery now is how and why getpwuid and friends aren't working either.

Comment 44 Rex Dieter 2012-12-10 19:52:01 UTC

*** Bug 689925 has been marked as a duplicate of this bug. ***

Comment 45 Jorrit 2012-12-18 12:03:00 UTC

None of the public time servers seem to be online, so I thought I would just manually override the settings and set my timezone to CET which is my timezone. Still after every boot of the system the timeclock automatically is set back for one hour. This shouldn't bother me that much if I wouldn get that SElinux notification every time. Please fix the bug or set up different server pools for automatic timeadjustment through use of the internet.

Package: (null)
Architecture: i686
OS Release: Fedora release 17 (Beefy Miracle)

Comment 46 Rex Dieter 2012-12-18 12:26:11 UTC

The bug really should be fixed if you have qt-4.8.3-5+ installed (the helpers then should use /root/.config instead of toplevel /.config), but you may want to delete /.config directory for good measure.

Comment 47 Richard Nichols 2012-12-19 17:16:24 UTC

Trying to get Date and Time to function and get similar AVC denial to those above but slightly different.

This is FC17 machine and I just performed yum update to make sure I had current pkgs.  The version of QT is: qt-4.8.4-1.fc17.x86_64

After turning on Auditing ausearch returned:
sudo ausearch -m avc -ts recent
time->Wed Dec 19 09:51:21 2012
type=PATH msg=audit(1355932281.715:117): item=0 name="/" inode=2 dev=08:23 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0
type=CWD msg=audit(1355932281.715:117):  cwd="/"
type=SYSCALL msg=audit(1355932281.715:117): arch=c000003e syscall=21 success=no exit=-13 a0=152b5b8 a1=2 a2=200 a3=7fffe17801a0 items=1 ppid=1 pid=2457 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1355932281.715:117): avc:  denied  { dac_override } for  pid=2457 comm="kcmdatetimehelp" capability=1  scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tclass=capability

Not sure what all of this is telling me...  Looks like it is trying to access "/", which is different from errors in previous comments for /.kde & /.config,  so I'm not sure if this is something new or an error on my part.

Comment 48 Richard Nichols 2012-12-19 17:28:08 UTC

Sorry hit Save before adding this info related to previous comment:
SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from using the dac_override capability.

*****  Plugin dac_override (91.4 confidence) suggests  ***********************

If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system
Then turn on full auditing to get path information about the offending file and generate the error again.
Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it, 
otherwise report as a bugzilla.

*****  Plugin catchall (9.59 confidence) suggests  ***************************

If you believe that kcmdatetimehelper should have the dac_override capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Objects                / [ capability ]
Source                        kcmdatetimehelp
Source Path                   /usr/libexec/kde4/kcmdatetimehelper
Port                          <Unknown>
Host                          rln2dt.onshore.pgs.com
Source RPM Packages           kde-workspace-4.9.4-2.fc17.x86_64
Target RPM Packages           filesystem-3-2.fc17.x86_64
Policy RPM                    selinux-policy-3.10.0-161.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     rln2dt.onshore.pgs.com
Platform                      Linux rln2dt.onshore.pgs.com 3.6.10-2.fc17.x86_64
                              #1 SMP Tue Dec 11 18:07:34 UTC 2012 x86_64 x86_64
Alert Count                   3
First Seen                    2012-12-19 10:55:29 CST
Last Seen                     2012-12-19 11:19:15 CST
Local ID                      079bfa11-7ec8-4b18-b798-8ab54c7f1fa1

Raw Audit Messages
type=AVC msg=audit(1355937555.282:145): avc:  denied  { dac_override } for  pid=18239 comm="kcmdatetimehelp" capability=1  scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tclass=capability


type=SYSCALL msg=audit(1355937555.282:145): arch=x86_64 syscall=access success=no exit=EACCES a0=105d358 a1=2 a2=200 a3=2 items=1 ppid=1 pid=18239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

type=CWD msg=audit(1355937555.282:145): cwd=/

type=PATH msg=audit(1355937555.282:145): item=0 name=/ inode=2 dev=08:23 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0

Hash: kcmdatetimehelp,gnomeclock_t,gnomeclock_t,capability,dac_override

audit2allow

#============= gnomeclock_t ==============
allow gnomeclock_t self:capability dac_override;

audit2allow -R

#============= gnomeclock_t ==============
allow gnomeclock_t self:capability dac_override;

Comment 49 Daniel Walsh 2012-12-19 19:06:55 UTC

This looks like these tools are trying to create content under / directory.

Comment 50 Daniel Walsh 2012-12-19 19:08:13 UTC

F18 now has this capability BTW.
allow gnomeclock_t self:capability { sys_nice sys_time dac_override };

Comment 51 Richard Nichols 2012-12-19 20:25:45 UTC

(In reply to comment #50)
> F18 now has this capability BTW.
> allow gnomeclock_t self:capability { sys_nice sys_time dac_override };

created: 
module mydatetime 1.0;

require {
        type gnomeclock_t;
        class capability { sys_nice sys_time dac_override };
}

#============= gnomeclock_t ==============
allow gnomeclock_t self:capability { sys_nice sys_time dac_override };

it passed checkmodule and compiled/installed and seems to work. However not entirely sure the class capability line is correct (I'm a selinux newbie).

Comment 52 Daniel Walsh 2012-12-19 20:33:56 UTC

That will work.  Check to see if the file /.config was created or /root/.config

Comment 53 Richard Nichols 2012-12-19 20:38:56 UTC

/root/.config was created. Everything seems to be happy now. Thanks Much

Comment 54 Mustafa Muhammad 2012-12-19 22:57:09 UTC

Using "Date & Time" KCM, when I try to change the time or date (or turn NTP on), SELinux prevents me from doing so.

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)

Comment 55 Mustafa Muhammad 2012-12-19 23:05:09 UTC

When will this be pushed to the updates?

Comment 56 Daniel Walsh 2012-12-20 14:11:05 UTC

Are you asking about the SELinux fix?  It should be in updates for F18 now.

Comment 57 Mustafa Muhammad 2012-12-22 01:16:39 UTC

Yes, I am asking about the fix, now I updated (Fedora 18 beta) and after that I tried to change the time and no luck, same problem.

Comment 58 Kevin Kofler 2012-12-23 22:55:41 UTC

As I think I already explained somewhere (in one of the duplicates), we need dac_override because the pwent APIs need to be able to read /etc/passwd, and we need the pwent APIs to figure out what home directory to use (we can't hardcode /root because this is KConfig code which also needs to work in user apps) and $HOME is not set in this context.

If this is already allowed in F18, can we please also get this added to the F17 policy?

Comment 59 Kevin Kofler 2012-12-23 22:57:45 UTC

Though actually, wait… dac_override?! /etc/passwd shouldn't need dac_override. /etc/shadow sure does, but why the heck is stuff trying to read /etc/shadow? IIRC, somebody had an AVC about /etc/passwd for some reason, but that's not what's going on here.

Comment 60 Miroslav Grepl 2012-12-27 10:36:03 UTC

Mustafa,
how does it look with the latest updates.

Comment 61 moondrake 2012-12-27 14:05:03 UTC

For me, it still does not work (F18 latest updates, still wants to write to / it seems):

ELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the directory /.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that kcmdatetimehelper should be allowed write access on the  directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Context                system_u:object_r:root_t:s0
Target Objects                / [ dir ]
Source                        kcmdatetimehelp
Source Path                   /usr/libexec/kde4/kcmdatetimehelper
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           kde-workspace-4.9.4-2.fc18.x86_64
Target RPM Packages           filesystem-3.1-2.fc18.x86_64
Policy RPM                    selinux-policy-3.11.1-67.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.6.11-3.fc18.x86_64
                              #1 SMP Mon Dec 17 21:35:39 UTC 2012 x86_64 x86_64
Alert Count                   5
First Seen                    2012-12-06 20:14:43 UTC
Last Seen                     2012-12-27 13:56:20 UTC
Local ID                      2cee0b83-5c9f-4f13-804a-32e840932390

Raw Audit Messages
type=AVC msg=audit(1356616580.461:746): avc:  denied  { write } for  pid=8395 comm="kcmdatetimehelp" name="/" dev="dm-1" ino=2 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir


type=SYSCALL msg=audit(1356616580.461:746): arch=x86_64 syscall=access success=no exit=EACCES a0=1271aa8 a1=2 a2=200 a3=2 items=0 ppid=1 pid=8395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

Hash: kcmdatetimehelp,gnomeclock_t,root_t,dir,write

audit2allow

#============= gnomeclock_t ==============
#!!!! This avc can be allowed using the boolean 'daemons_dump_core'

allow gnomeclock_t root_t:dir write;

audit2allow -R

#============= gnomeclock_t ==============
#!!!! This avc can be allowed using the boolean 'daemons_dump_core'

allow gnomeclock_t root_t:dir write;

Comment 62 Mustafa Muhammad 2012-12-28 14:40:14 UTC

(In reply to comment #60)
> Mustafa,
> how does it look with the latest updates.

It doesn't work too, updated a few minutes ago, even rebooted, and the same problem.

Comment 63 Miroslav Grepl 2013-01-02 07:10:09 UTC

And do you see the same problem?

Comment 64 Mustafa Muhammad 2013-01-02 12:34:08 UTC

(In reply to comment #63)
> And do you see the same problem?

Yes, the same:

SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the directory /.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that kcmdatetimehelper should be allowed write access on the  directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:gnomeclock_t:s0-s0:c0.c1023
Target Context                system_u:object_r:root_t:s0
Target Objects                / [ dir ]
Source                        kcmdatetimehelp
Source Path                   /usr/libexec/kde4/kcmdatetimehelper
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           kde-workspace-4.9.4-2.fc18.x86_64
Target RPM Packages           filesystem-3.1-2.fc18.x86_64
Policy RPM                    selinux-policy-3.11.1-66.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.6.10-4.fc18.x86_64
                              #1 SMP Tue Dec 11 18:01:27 UTC 2012 x86_64 x86_64
Alert Count                   1
First Seen                    2013-01-02 12:33:19 UTC
Last Seen                     2013-01-02 12:33:19 UTC
Local ID                      0d4c553f-db82-4a90-a053-d9ec0a94a83e

Raw Audit Messages
type=AVC msg=audit(1357129999.71:344): avc:  denied  { write } for  pid=2403 comm="kcmdatetimehelp" name="/" dev="sda7" ino=2 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir


type=SYSCALL msg=audit(1357129999.71:344): arch=x86_64 syscall=access success=no exit=EACCES a0=118ed68 a1=2 a2=200 a3=7fff23c3f5d0 items=0 ppid=1 pid=2403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

Hash: kcmdatetimehelp,gnomeclock_t,root_t,dir,write

audit2allow
audit2allow -R

Comment 65 Mircea Sava 2013-01-12 19:07:16 UTC

I adjusted the time

Package: (null)
Architecture: i686
OS Release: Fedora release 17 (Beefy Miracle)

Comment 66 Payas 2013-01-18 12:01:37 UTC

I wanted to adjust my time and so tried to set it. But when I try to apply the changed settings it produces this error.

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)

Comment 67 Payas 2013-01-18 18:16:09 UTC

On attempt to set time zone, applying changed settings is denied.

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)

Comment 68 monts 2013-01-20 14:27:00 UTC

seems selinux is blocking correct time updates via ntp 

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)

Comment 69 Stephen Gallagher 2013-01-22 15:58:00 UTC

I attempted to change the time-zone using KDE's control panel.

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)

Comment 70 Jouni Mäenpää 2013-01-23 09:15:05 UTC

I also get selinux denials on both 17 and 18.

Comment 71 Ray Evans 2013-01-28 09:36:27 UTC

This is again reproducible in Fedora 18.

Good news is that it does not seem to be occurring in Fedora 17.

Comment 72 Jouni Mäenpää 2013-01-29 17:35:01 UTC

(In reply to comment #71)
> This is again reproducible in Fedora 18.
> 
> Good news is that it does not seem to be occurring in Fedora 17.

My Fedora 17 installation still errors out with:

SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from using the dac_override capability.

Comment 73 mamii 2013-01-31 07:26:11 UTC

change time zone

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)

Comment 74 Stanislav Paláček 2013-02-03 08:19:38 UTC

I want change settings of clock.

Package: (null)
OS Release: Fedora release 18 (Spherical Cow)

Comment 75 monts 2013-02-08 18:04:51 UTC

Installed Packages
Name        : selinux-policy
Arch        : noarch
Version     : 3.11.1
Release     : 76.fc18
Size        : 62  
Repo        : installed
From repo   : updates-testing
Summary     : SELinux policy configuration
URL         : http://oss.tresys.com/repos/refpolicy/
License     : GPLv2+
Description : SELinux Reference Policy - modular.
            : Based off of reference policy: Checked out revision  2.20091117

I am now able to change the Time to my native time zone (HMT) Kolkata/India.
No selinux errors with this update. (resolved) 

KDE 4.10.00 
selinux-policy 3.11.1 - 76.fc18   
uname -a
Linux 3.7.6-201.fc18.x86_64

After cross conformation the bug can be closed. Thanks

Comment 76 Red Hat Bugzilla 2013-10-04 00:22:25 UTC

Removing external tracker bug with the id '4862' as it is not valid for this tracker

Comment 77 Red Hat Bugzilla 2013-10-04 00:22:41 UTC

Removing external tracker bug with the id '21030' as it is not valid for this tracker

Note You need to log in before you can comment on or make changes to this bug.

aa.lucelio
alekcejk
antimarklarcrust
bignikita
dartagnanarchuleta
desktop7.org
dwalsh
federico.michela
fedora
fn_ml
forgendy
henryju
jaguar07
janezja
jouni.000
jreznik
kevin
ltinkl
matthaedo
mgrepl
montosh.bisht
moondrake
msava
mustafa1024m
ncross
omardpana22
payasra
rdieter
redhat
rnovacek
roddy.mickael
sandro
sarrab1976
scomdev
sgallagh
simon.lewis
smparrish
srikkanth87
than
ziomaul