SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from 'lock' accesses on the file /.config/Trolltech.conf. ***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow kcmdatetimehelper to have lock access on the Trolltech.conf file Then you need to change the label on /.config/Trolltech.conf Do # semanage fcontext -a -t FILE_TYPE '/.config/Trolltech.conf' where FILE_TYPE is one of the following: system_dbusd_var_lib_t, bin_t, cert_t, usr_t, gnomeclock_exec_t, abrt_var_run_t, sssd_public_t, locale_t, etc_t, proc_t, sysctl_crypto_t, system_cronjob_var_lib_t, policykit_var_lib_t, krb5_conf_t, abrt_t, lib_t, shell_exec_t, dbusd_etc_t, userdomain, policykit_reload_t, rpm_script_tmp_t, samba_var_t, net_conf_t, sosreport_tmp_t, etc_runtime_t, rpm_tmp_t, config_usr_t, ld_so_cache_t, consoletype_exec_t, gnomeclock_t, cert_t, net_conf_t. Then execute: restorecon -v '/.config/Trolltech.conf' ***** Plugin catchall (17.1 confidence) suggests *************************** If you believe that kcmdatetimehelper should be allowed lock access on the Trolltech.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:object_r:default_t:s0 Target Objects /.config/Trolltech.conf [ file ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Неизвестно> Host (removed) Source RPM Packages kdebase-workspace-4.6.1-6.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-10.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 2.6.38.2-9.fc15.x86_64 #1 SMP Wed Mar 30 16:55:57 UTC 2011 x86_64 x86_64 Alert Count 2 First Seen Пнд 04 Апр 2011 00:40:15 Last Seen Пнд 04 Апр 2011 00:41:01 Local ID 6c474e09-f65f-4d83-854f-47a5d3dfaa17 Raw Audit Messages type=AVC msg=audit(1301863261.419:438): avc: denied { lock } for pid=17398 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev=dm-1 ino=1310722 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1301863261.419:438): arch=x86_64 syscall=fcntl success=yes exit=0 a0=3 a1=7 a2=7fff6497af70 a3=e items=0 ppid=17397 pid=17398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: kcmdatetimehelp,gnomeclock_t,default_t,file,lock audit2allow #============= gnomeclock_t ============== allow gnomeclock_t default_t:file lock; audit2allow -R #============= gnomeclock_t ============== allow gnomeclock_t default_t:file lock;
This is a bug in KDE. You can allow it for now using # semanage fcontext -a -e /usr/share/kde4 /.config # restorecon -R -v /.config
Right, this is a bug, writing to /.config is just broken.
/.config/Trolltech.conf appeared in F14 some time ago but not appears anymore after I removed it but still appears in F15 after removing.
*** Bug 708581 has been marked as a duplicate of this bug. ***
Same application, but this is alert for read access, not locking: SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from read access on the file /.config/Trolltech.conf. ***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow kcmdatetimehelper to have read access on the Trolltech.conf file Then you need to change the label on /.config/Trolltech.conf Do # semanage fcontext -a -t FILE_TYPE '/.config/Trolltech.conf' where FILE_TYPE is one of the following: consoletype_exec_t, hwclock_exec_t, gnomeclock_t, ntpd_initrc_exec_t, system_dbusd_var_lib_t, policykit_auth_exec_t, ld_so_cache_t, bin_t, cert_t, usr_t, gnomeclock_exec_t, locale_t, sssd_public_t, etc_t, proc_t, system_cronjob_var_lib_t, policykit_var_lib_t, abrt_var_run_t, krb5_conf_t, shell_exec_t, sysctl_crypto_t, dbusd_etc_t, systemd_systemctl_exec_t, userdomain, abrt_t, ntpdate_exec_t, lib_t, afs_cache_t, policykit_reload_t, abrt_helper_exec_t, samba_var_t, ld_so_t, net_conf_t, textrel_shlib_t, etc_runtime_t, config_usr_t, rpm_script_tmp_t, cert_t, net_conf_t. Then execute: restorecon -v '/.config/Trolltech.conf' ***** Plugin catchall (17.1 confidence) suggests *************************** If you believe that kcmdatetimehelper should be allowed read access on the Trolltech.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:object_r:default_t:s0 Target Objects /.config/Trolltech.conf [ file ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Unknown> Host mainlinux.scom Source RPM Packages kdebase-workspace-4.6.3-5.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-24.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name mainlinux.scom Platform Linux mainlinux.scom 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64 Alert Count 2 First Seen Wed 01 Jun 2011 17:52:44 BST Last Seen Wed 01 Jun 2011 17:54:09 BST Local ID c11e5afa-79fc-4c01-a5af-c99ec7565b31 Raw Audit Messages type=AVC msg=audit(1306947249.274:228): avc: denied { read } for pid=12824 comm="kcmdatetimehelp" name="Trolltech.conf" dev=dm-4 ino=2621442 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1306947249.274:228): arch=x86_64 syscall=open success=no exit=EACCES a0=1e865e8 a1=80000 a2=1b6 a3=0 items=0 ppid=1 pid=12824 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: kcmdatetimehelp,gnomeclock_t,default_t,file,read audit2allow #============= gnomeclock_t ============== allow gnomeclock_t default_t:file read; audit2allow -R #============= gnomeclock_t ============== allow gnomeclock_t default_t:file read; Fedora 15 x86_64 kernel 2.6.38.6-27.fc15.x86_64 KDE 4.6.3
Petri, please execute # semanage fcontext -a -e /usr/share/kde4 /.config # restorecon -R -v /.config
*** Bug 711025 has been marked as a duplicate of this bug. ***
File /.config/Trolltech.conf not created after I changed and saved settings in "Login Screen" in systemsettings. But after kdebase-workspace (and kdm) update file /.config/Trolltech.conf created again.
*** Bug 727463 has been marked as a duplicate of this bug. ***
*** Bug 747306 has been marked as a duplicate of this bug. ***
Bug persists after executing the following: # semanage fcontext -a -e /usr/share/kde4 /.config # restorecon -R -v /.config
What AVC are you getting?
Miroslav, I'm not sure exactly what info would be helpful so I will just post the contents of the SETroubleshoot Details Window for both SELinux alerts: SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the sock_file log. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that kcmdatetimehelper should be allowed write access on the log sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:object_r:devlog_t:s0 Target Objects log [ sock_file ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Unknown> Host thinkpad.home Source RPM Packages kdebase-workspace-4.7.3-12.fc16 Target RPM Packages Policy RPM selinux-policy-3.10.0-56.fc16 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name thinkpad.home Platform Linux thinkpad.home 3.1.2-1.fc16.x86_64 #1 SMP Tue Nov 22 09:00:57 UTC 2011 x86_64 x86_64 Alert Count 4 First Seen Sun 20 Nov 2011 04:55:38 PM EST Last Seen Mon 28 Nov 2011 04:30:21 AM EST Local ID d94b422c-6e13-4a70-8c1f-17998b2a151f Raw Audit Messages type=AVC msg=audit(1322472621.437:355): avc: denied { write } for pid=6469 comm="kcmdatetimehelp" name="log" dev=devtmpfs ino=8580 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file type=SYSCALL msg=audit(1322472621.437:355): arch=x86_64 syscall=connect success=no exit=EACCES a0=8 a1=388cdb1820 a2=6e a3=0 items=0 ppid=6468 pid=6469 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: kcmdatetimehelp,gnomeclock_t,devlog_t,sock_file,write audit2allow #============= gnomeclock_t ============== allow gnomeclock_t devlog_t:sock_file write; audit2allow -R #============= gnomeclock_t ============== allow gnomeclock_t devlog_t:sock_file write; as well as: SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the file /.config/Trolltech.conf. ***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow kcmdatetimehelper to have write access on the Trolltech.conf file Then you need to change the label on /.config/Trolltech.conf Do # semanage fcontext -a -t FILE_TYPE '/.config/Trolltech.conf' where FILE_TYPE is one of the following: gnomeclock_t, afs_cache_t, locale_t, config_usr_t. Then execute: restorecon -v '/.config/Trolltech.conf' ***** Plugin catchall (17.1 confidence) suggests *************************** If you believe that kcmdatetimehelper should be allowed write access on the Trolltech.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:object_r:usr_t:s0 Target Objects /.config/Trolltech.conf [ file ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Unknown> Host thinkpad.home Source RPM Packages kdebase-workspace-4.7.3-12.fc16 Target RPM Packages Policy RPM selinux-policy-3.10.0-56.fc16 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name thinkpad.home Platform Linux thinkpad.home 3.1.2-1.fc16.x86_64 #1 SMP Tue Nov 22 09:00:57 UTC 2011 x86_64 x86_64 Alert Count 5 First Seen Sun 20 Nov 2011 04:55:38 PM EST Last Seen Mon 28 Nov 2011 04:30:21 AM EST Local ID 407b652d-aaca-464f-956b-72f57bd9e092 Raw Audit Messages type=AVC msg=audit(1322472621.444:356): avc: denied { write } for pid=6469 comm="kcmdatetimehelp" name="Trolltech.conf" dev=dm-2 ino=3014658 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file type=SYSCALL msg=audit(1322472621.444:356): arch=x86_64 syscall=open success=no exit=EACCES a0=1f06608 a1=80042 a2=1b6 a3=0 items=0 ppid=6468 pid=6469 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: kcmdatetimehelp,gnomeclock_t,usr_t,file,write audit2allow #============= gnomeclock_t ============== allow gnomeclock_t usr_t:file write; audit2allow -R #============= gnomeclock_t ============== allow gnomeclock_t usr_t:file write;
I see the bug in my comment, you need to execute # semanage fcontext -d -e /usr/share/kde4 /.config # semanage fcontext -a -e /usr/share/config /.config # restorecon -R -v /.config
Now I see the following: SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the sock_file log. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that kcmdatetimehelper should be allowed write access on the log sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:object_r:devlog_t:s0 Target Objects log [ sock_file ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Unknown> Host (removed) Source RPM Packages kdebase-workspace-4.7.3-12.fc16 Target RPM Packages Policy RPM selinux-policy-3.10.0-56.fc16 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux thinkpad.home 3.1.2-1.fc16.x86_64 #1 SMP Tue Nov 22 09:00:57 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Thu 01 Dec 2011 10:47:07 PM EST Last Seen Thu 01 Dec 2011 10:47:07 PM EST Local ID 3f3ed72b-5913-49c9-bc3a-f8df3287aee7 Raw Audit Messages type=AVC msg=audit(1322797627.975:129): avc: denied { write } for pid=4318 comm="kcmdatetimehelp" name="log" dev=devtmpfs ino=10191 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file type=SYSCALL msg=audit(1322797627.975:129): arch=x86_64 syscall=connect success=no exit=EACCES a0=8 a1=7f21a9e77820 a2=6e a3=0 items=0 ppid=4317 pid=4318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: kcmdatetimehelp,gnomeclock_t,devlog_t,sock_file,write audit2allow #============= gnomeclock_t ============== allow gnomeclock_t devlog_t:sock_file write; audit2allow -R #============= gnomeclock_t ============== allow gnomeclock_t devlog_t:sock_file write;
Fixed in selinux-policy-3.9.16-49.fc15
I am running selinux-policy-3.10.0-56-fc16.
(In reply to comment #17) > I am running selinux-policy-3.10.0-56-fc16. Also fixed in selinux-policy-3.10.0-64.fc16. A new build will be done today.
*** Bug 799633 has been marked as a duplicate of this bug. ***
*** Bug 810661 has been marked as a duplicate of this bug. ***
I am now seeing this on Fedora 16 as of today. It will not let me change my time zone.
What does $ rpm -q selinux-policy $ ausearch -m avc |grep gnomeclock
selinux-policy-3.10.0-84.fc16.noarch ausearch -m avc |grep gnomeclock type=SYSCALL msg=audit(1336593340.722:563): arch=c000003e syscall=2 success=no exit=-13 a0=1015f98 a1=80042 a2=1b6 a3=0 items=0 ppid=4619 pid=4620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336593340.722:563): avc: denied { write } for pid=4620 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file type=SYSCALL msg=audit(1336593346.439:566): arch=c000003e syscall=21 success=no exit=-13 a0=10288a8 a1=2 a2=1028801 a3=0 items=0 ppid=1 pid=4620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336593346.439:566): avc: denied { write } for pid=4620 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1336593346.439:567): arch=c000003e syscall=21 success=no exit=-13 a0=10288a8 a1=2 a2=200 a3=7fff9ab359b0 items=0 ppid=1 pid=4620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336593346.439:567): avc: denied { write } for pid=4620 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1336595795.903:49): arch=c000003e syscall=2 success=no exit=-13 a0=17d5df8 a1=80042 a2=1b6 a3=0 items=0 ppid=1920 pid=1921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336595795.903:49): avc: denied { write } for pid=1921 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file type=SYSCALL msg=audit(1336595807.194:53): arch=c000003e syscall=21 success=no exit=-13 a0=17e7558 a1=2 a2=17e7501 a3=0 items=0 ppid=1 pid=1921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336595807.194:53): avc: denied { write } for pid=1921 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1336595807.194:54): arch=c000003e syscall=21 success=no exit=-13 a0=17e7558 a1=2 a2=200 a3=7fff4de860d0 items=0 ppid=1 pid=1921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336595807.194:54): avc: denied { write } for pid=1921 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1336596142.533:59): arch=c000003e syscall=6 success=no exit=-13 a0=90a2e8 a1=7fff9f5b3e60 a2=7fff9f5b3e60 a3=7fff9f5b3bf0 items=0 ppid=2320 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596142.533:59): avc: denied { getattr } for pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336596142.533:60): arch=c000003e syscall=2 success=no exit=-13 a0=90a2e8 a1=80000 a2=1b6 a3=7fff9f5b3bc0 items=0 ppid=2320 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596142.533:60): avc: denied { read } for pid=2321 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336596142.533:61): arch=c000003e syscall=4 success=no exit=-13 a0=911108 a1=7fff9f5b3ed0 a2=7fff9f5b3ed0 a3=0 items=0 ppid=2320 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596142.533:61): avc: denied { getattr } for pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336596142.757:62): arch=c000003e syscall=6 success=no exit=-13 a0=943248 a1=7fff9f5b4450 a2=7fff9f5b4450 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596142.757:62): avc: denied { getattr } for pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336596142.757:63): arch=c000003e syscall=4 success=no exit=-13 a0=94bbb8 a1=7fff9f5b4410 a2=7fff9f5b4410 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596142.757:63): avc: denied { getattr } for pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336596142.757:64): arch=c000003e syscall=2 success=no exit=-13 a0=90a368 a1=800c2 a2=180 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596142.757:64): avc: denied { write } for pid=2321 comm="kcmdatetimehelp" name=".config" dev="dm-2" ino=1441793 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1336596142.757:65): arch=c000003e syscall=2 success=no exit=-13 a0=943248 a1=80000 a2=1b6 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596142.757:65): avc: denied { read } for pid=2321 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336596142.757:66): arch=c000003e syscall=4 success=no exit=-13 a0=94bbb8 a1=7fff9f5b44c0 a2=7fff9f5b44c0 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596142.757:66): avc: denied { getattr } for pid=2321 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336596146.033:69): arch=c000003e syscall=21 success=no exit=-13 a0=9645d8 a1=2 a2=964501 a3=0 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596146.033:69): avc: denied { write } for pid=2321 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir type=SYSCALL msg=audit(1336596146.033:70): arch=c000003e syscall=21 success=no exit=-13 a0=9645d8 a1=2 a2=200 a3=7fff9f5b2f20 items=0 ppid=1 pid=2321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336596146.033:70): avc: denied { write } for pid=2321 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir type=SYSCALL msg=audit(1336636593.862:99): arch=c000003e syscall=6 success=no exit=-13 a0=1cd62e8 a1=7fff135c7550 a2=7fff135c7550 a3=7fff135c72e0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636593.862:99): avc: denied { getattr } for pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636593.862:100): arch=c000003e syscall=2 success=no exit=-13 a0=1cd62e8 a1=80000 a2=1b6 a3=7fff135c72b0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636593.862:100): avc: denied { read } for pid=3694 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636593.862:101): arch=c000003e syscall=4 success=no exit=-13 a0=1cdd108 a1=7fff135c75c0 a2=7fff135c75c0 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636593.862:101): avc: denied { getattr } for pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636593.879:102): arch=c000003e syscall=6 success=no exit=-13 a0=1d14e08 a1=7fff135c7b40 a2=7fff135c7b40 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636593.879:102): avc: denied { getattr } for pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636593.879:103): arch=c000003e syscall=4 success=no exit=-13 a0=1d13198 a1=7fff135c7b00 a2=7fff135c7b00 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636593.879:103): avc: denied { getattr } for pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636593.879:104): arch=c000003e syscall=2 success=no exit=-13 a0=1d16f78 a1=800c2 a2=180 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636593.879:104): avc: denied { write } for pid=3694 comm="kcmdatetimehelp" name=".config" dev="dm-2" ino=1441793 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1336636593.879:105): arch=c000003e syscall=2 success=no exit=-13 a0=1d14e08 a1=80000 a2=1b6 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636593.879:105): avc: denied { read } for pid=3694 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636593.879:106): arch=c000003e syscall=4 success=no exit=-13 a0=1d13198 a1=7fff135c7bb0 a2=7fff135c7bb0 a3=0 items=0 ppid=3693 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636593.879:106): avc: denied { getattr } for pid=3694 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636596.928:109): arch=c000003e syscall=21 success=no exit=-13 a0=1d25838 a1=2 a2=1d25801 a3=0 items=0 ppid=1 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636596.928:109): avc: denied { write } for pid=3694 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir type=SYSCALL msg=audit(1336636596.928:110): arch=c000003e syscall=21 success=no exit=-13 a0=1d25838 a1=2 a2=200 a3=7fff135c6610 items=0 ppid=1 pid=3694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636596.928:110): avc: denied { write } for pid=3694 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir type=SYSCALL msg=audit(1336636647.915:112): arch=c000003e syscall=2 success=no exit=-13 a0=8842e8 a1=80000 a2=1b6 a3=7fff6d4fb350 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636647.915:112): avc: denied { read } for pid=3839 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636647.915:113): arch=c000003e syscall=4 success=no exit=-13 a0=88b108 a1=7fff6d4fb660 a2=7fff6d4fb660 a3=0 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636647.915:113): avc: denied { getattr } for pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636647.915:111): arch=c000003e syscall=6 success=no exit=-13 a0=8842e8 a1=7fff6d4fb5f0 a2=7fff6d4fb5f0 a3=7fff6d4fb380 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636647.915:111): avc: denied { getattr } for pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636647.934:114): arch=c000003e syscall=6 success=no exit=-13 a0=8c1868 a1=7fff6d4fbbe0 a2=7fff6d4fbbe0 a3=0 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636647.934:114): avc: denied { getattr } for pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636647.935:115): arch=c000003e syscall=4 success=no exit=-13 a0=8c30e8 a1=7fff6d4fbba0 a2=7fff6d4fbba0 a3=0 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636647.935:115): avc: denied { getattr } for pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636647.935:116): arch=c000003e syscall=2 success=no exit=-13 a0=8c5318 a1=800c2 a2=180 a3=0 items=0 ppid=3838 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636647.935:116): avc: denied { write } for pid=3839 comm="kcmdatetimehelp" name=".config" dev="dm-2" ino=1441793 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1336636647.936:117): arch=c000003e syscall=2 success=no exit=-13 a0=8c1868 a1=80000 a2=1b6 a3=0 items=0 ppid=1 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636647.936:117): avc: denied { read } for pid=3839 comm="kcmdatetimehelp" name="Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636647.936:118): arch=c000003e syscall=4 success=no exit=-13 a0=8c30e8 a1=7fff6d4fbc50 a2=7fff6d4fbc50 a3=0 items=0 ppid=1 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636647.936:118): avc: denied { getattr } for pid=3839 comm="kcmdatetimehelp" path="/.config/Trolltech.conf" dev="dm-2" ino=1441794 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=file type=SYSCALL msg=audit(1336636651.087:121): arch=c000003e syscall=21 success=no exit=-13 a0=8cf2e8 a1=2 a2=8cf201 a3=0 items=0 ppid=1 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636651.087:121): avc: denied { write } for pid=3839 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir type=SYSCALL msg=audit(1336636651.087:122): arch=c000003e syscall=21 success=no exit=-13 a0=8cf2e8 a1=2 a2=200 a3=7fff6d4fa6b0 items=0 ppid=1 pid=3839 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1336636651.087:122): avc: denied { write } for pid=3839 comm="kcmdatetimehelp" name="config" dev="dm-2" ino=1572867 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
Created attachment 584138 [details] Comment abut the solution. The problem was partialy solved. It does the time update and time stays ok. No error or message generated by Selinux. But on next boot the update is lost. Time gets back to one hour ahead.
I don't think failing to set the clock has anything to do with the access to /.config, they're unrelated issues. It's the executing of hwclock which seems to be failing here.
I am having the same trouble, clock is always one day ahead. I can reset the date but the next time I boot it is again one day ahead...
*** Bug 840155 has been marked as a duplicate of this bug. ***
After installing qt-4.8.3-5.fc17 file /.config/Trolltech.conf not appears after deleting and reboot.
qt-4.8.3-5.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/FEDORA-2012-16551/qt-4.8.3-5.fc18
It is great to have a fix for this issue.
Tried to change the timezone and enable NTP through the KDE settings GUI. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
Sandro, what version of qt did you test with? qt-4.8.3-5 or newer (or not)?
Wished I could tell but won't have access to that system until Monday anymore :( I'm not even sure whether I've seen the issue before or after updating the system :/ Should have checked the current status after reporting the issue through sealert so I would have noticed the update. Sorry to be of no help here.
qt-4.8.3-7.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/qt-4.8.3-7.fc16
qt-4.8.3-7.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/qt-4.8.3-7.fc17
*** Bug 873193 has been marked as a duplicate of this bug. ***
qt-4.8.3-7.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 873916 has been marked as a duplicate of this bug. ***
qt-4.8.3-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
qt-4.8.3-7.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
We seem to be seeing this in F18 again?
where/how? using what qt builds?
In particular, the initial "fix" we're using in builds 4.8.3-5+ borrowed from other distros (not upstreamed yet), http://pkgs.fedoraproject.org/cgit/qt.git/tree/qt-everywhere-opensource-src-4.8.3-QTBUG-4862.patch is that calls to QFileSystemEngine::homePath() initially simply tried qgetenv("HOME"), and stopped there The patch tries harder, checks if that's empty, then uses getpwuid-type calls to grok the uid's homedir. The long and short of it, is the polkit-initiated app-calls that once bailed-out and tried to use / to store root files, should properly hit /root now If that's not working, the mystery now is how and why getpwuid and friends aren't working either.
*** Bug 689925 has been marked as a duplicate of this bug. ***
None of the public time servers seem to be online, so I thought I would just manually override the settings and set my timezone to CET which is my timezone. Still after every boot of the system the timeclock automatically is set back for one hour. This shouldn't bother me that much if I wouldn get that SElinux notification every time. Please fix the bug or set up different server pools for automatic timeadjustment through use of the internet. Package: (null) Architecture: i686 OS Release: Fedora release 17 (Beefy Miracle)
The bug really should be fixed if you have qt-4.8.3-5+ installed (the helpers then should use /root/.config instead of toplevel /.config), but you may want to delete /.config directory for good measure.
Trying to get Date and Time to function and get similar AVC denial to those above but slightly different. This is FC17 machine and I just performed yum update to make sure I had current pkgs. The version of QT is: qt-4.8.4-1.fc17.x86_64 After turning on Auditing ausearch returned: sudo ausearch -m avc -ts recent time->Wed Dec 19 09:51:21 2012 type=PATH msg=audit(1355932281.715:117): item=0 name="/" inode=2 dev=08:23 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 type=CWD msg=audit(1355932281.715:117): cwd="/" type=SYSCALL msg=audit(1355932281.715:117): arch=c000003e syscall=21 success=no exit=-13 a0=152b5b8 a1=2 a2=200 a3=7fffe17801a0 items=1 ppid=1 pid=2457 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kcmdatetimehelp" exe="/usr/libexec/kde4/kcmdatetimehelper" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355932281.715:117): avc: denied { dac_override } for pid=2457 comm="kcmdatetimehelp" capability=1 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tclass=capability Not sure what all of this is telling me... Looks like it is trying to access "/", which is different from errors in previous comments for /.kde & /.config, so I'm not sure if this is something new or an error on my part.
Sorry hit Save before adding this info related to previous comment: SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from using the dac_override capability. ***** Plugin dac_override (91.4 confidence) suggests *********************** If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system Then turn on full auditing to get path information about the offending file and generate the error again. Do Turn on full auditing # auditctl -w /etc/shadow -p w Try to recreate AVC. Then execute # ausearch -m avc -ts recent If you see PATH record check ownership/permissions on file, and fix it, otherwise report as a bugzilla. ***** Plugin catchall (9.59 confidence) suggests *************************** If you believe that kcmdatetimehelper should have the dac_override capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Objects / [ capability ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Unknown> Host rln2dt.onshore.pgs.com Source RPM Packages kde-workspace-4.9.4-2.fc17.x86_64 Target RPM Packages filesystem-3-2.fc17.x86_64 Policy RPM selinux-policy-3.10.0-161.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name rln2dt.onshore.pgs.com Platform Linux rln2dt.onshore.pgs.com 3.6.10-2.fc17.x86_64 #1 SMP Tue Dec 11 18:07:34 UTC 2012 x86_64 x86_64 Alert Count 3 First Seen 2012-12-19 10:55:29 CST Last Seen 2012-12-19 11:19:15 CST Local ID 079bfa11-7ec8-4b18-b798-8ab54c7f1fa1 Raw Audit Messages type=AVC msg=audit(1355937555.282:145): avc: denied { dac_override } for pid=18239 comm="kcmdatetimehelp" capability=1 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tclass=capability type=SYSCALL msg=audit(1355937555.282:145): arch=x86_64 syscall=access success=no exit=EACCES a0=105d358 a1=2 a2=200 a3=2 items=1 ppid=1 pid=18239 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) type=CWD msg=audit(1355937555.282:145): cwd=/ type=PATH msg=audit(1355937555.282:145): item=0 name=/ inode=2 dev=08:23 mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 Hash: kcmdatetimehelp,gnomeclock_t,gnomeclock_t,capability,dac_override audit2allow #============= gnomeclock_t ============== allow gnomeclock_t self:capability dac_override; audit2allow -R #============= gnomeclock_t ============== allow gnomeclock_t self:capability dac_override;
This looks like these tools are trying to create content under / directory.
F18 now has this capability BTW. allow gnomeclock_t self:capability { sys_nice sys_time dac_override };
(In reply to comment #50) > F18 now has this capability BTW. > allow gnomeclock_t self:capability { sys_nice sys_time dac_override }; created: module mydatetime 1.0; require { type gnomeclock_t; class capability { sys_nice sys_time dac_override }; } #============= gnomeclock_t ============== allow gnomeclock_t self:capability { sys_nice sys_time dac_override }; it passed checkmodule and compiled/installed and seems to work. However not entirely sure the class capability line is correct (I'm a selinux newbie).
That will work. Check to see if the file /.config was created or /root/.config
/root/.config was created. Everything seems to be happy now. Thanks Much
Using "Date & Time" KCM, when I try to change the time or date (or turn NTP on), SELinux prevents me from doing so. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
When will this be pushed to the updates?
Are you asking about the SELinux fix? It should be in updates for F18 now.
Yes, I am asking about the fix, now I updated (Fedora 18 beta) and after that I tried to change the time and no luck, same problem.
As I think I already explained somewhere (in one of the duplicates), we need dac_override because the pwent APIs need to be able to read /etc/passwd, and we need the pwent APIs to figure out what home directory to use (we can't hardcode /root because this is KConfig code which also needs to work in user apps) and $HOME is not set in this context. If this is already allowed in F18, can we please also get this added to the F17 policy?
Though actually, wait… dac_override?! /etc/passwd shouldn't need dac_override. /etc/shadow sure does, but why the heck is stuff trying to read /etc/shadow? IIRC, somebody had an AVC about /etc/passwd for some reason, but that's not what's going on here.
Mustafa, how does it look with the latest updates.
For me, it still does not work (F18 latest updates, still wants to write to / it seems): ELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the directory /. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that kcmdatetimehelper should be allowed write access on the directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:object_r:root_t:s0 Target Objects / [ dir ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Unknown> Host localhost.localdomain Source RPM Packages kde-workspace-4.9.4-2.fc18.x86_64 Target RPM Packages filesystem-3.1-2.fc18.x86_64 Policy RPM selinux-policy-3.11.1-67.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.6.11-3.fc18.x86_64 #1 SMP Mon Dec 17 21:35:39 UTC 2012 x86_64 x86_64 Alert Count 5 First Seen 2012-12-06 20:14:43 UTC Last Seen 2012-12-27 13:56:20 UTC Local ID 2cee0b83-5c9f-4f13-804a-32e840932390 Raw Audit Messages type=AVC msg=audit(1356616580.461:746): avc: denied { write } for pid=8395 comm="kcmdatetimehelp" name="/" dev="dm-1" ino=2 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1356616580.461:746): arch=x86_64 syscall=access success=no exit=EACCES a0=1271aa8 a1=2 a2=200 a3=2 items=0 ppid=1 pid=8395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: kcmdatetimehelp,gnomeclock_t,root_t,dir,write audit2allow #============= gnomeclock_t ============== #!!!! This avc can be allowed using the boolean 'daemons_dump_core' allow gnomeclock_t root_t:dir write; audit2allow -R #============= gnomeclock_t ============== #!!!! This avc can be allowed using the boolean 'daemons_dump_core' allow gnomeclock_t root_t:dir write;
(In reply to comment #60) > Mustafa, > how does it look with the latest updates. It doesn't work too, updated a few minutes ago, even rebooted, and the same problem.
And do you see the same problem?
(In reply to comment #63) > And do you see the same problem? Yes, the same: SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from write access on the directory /. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that kcmdatetimehelper should be allowed write access on the directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:object_r:root_t:s0 Target Objects / [ dir ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Unknown> Host localhost.localdomain Source RPM Packages kde-workspace-4.9.4-2.fc18.x86_64 Target RPM Packages filesystem-3.1-2.fc18.x86_64 Policy RPM selinux-policy-3.11.1-66.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.6.10-4.fc18.x86_64 #1 SMP Tue Dec 11 18:01:27 UTC 2012 x86_64 x86_64 Alert Count 1 First Seen 2013-01-02 12:33:19 UTC Last Seen 2013-01-02 12:33:19 UTC Local ID 0d4c553f-db82-4a90-a053-d9ec0a94a83e Raw Audit Messages type=AVC msg=audit(1357129999.71:344): avc: denied { write } for pid=2403 comm="kcmdatetimehelp" name="/" dev="sda7" ino=2 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1357129999.71:344): arch=x86_64 syscall=access success=no exit=EACCES a0=118ed68 a1=2 a2=200 a3=7fff23c3f5d0 items=0 ppid=1 pid=2403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: kcmdatetimehelp,gnomeclock_t,root_t,dir,write audit2allow audit2allow -R
I adjusted the time Package: (null) Architecture: i686 OS Release: Fedora release 17 (Beefy Miracle)
I wanted to adjust my time and so tried to set it. But when I try to apply the changed settings it produces this error. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
On attempt to set time zone, applying changed settings is denied. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
seems selinux is blocking correct time updates via ntp Package: (null) OS Release: Fedora release 18 (Spherical Cow)
I attempted to change the time-zone using KDE's control panel. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
I also get selinux denials on both 17 and 18.
This is again reproducible in Fedora 18. Good news is that it does not seem to be occurring in Fedora 17.
(In reply to comment #71) > This is again reproducible in Fedora 18. > > Good news is that it does not seem to be occurring in Fedora 17. My Fedora 17 installation still errors out with: SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from using the dac_override capability.
change time zone Package: (null) OS Release: Fedora release 18 (Spherical Cow)
I want change settings of clock. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
Installed Packages Name : selinux-policy Arch : noarch Version : 3.11.1 Release : 76.fc18 Size : 62 Repo : installed From repo : updates-testing Summary : SELinux policy configuration URL : http://oss.tresys.com/repos/refpolicy/ License : GPLv2+ Description : SELinux Reference Policy - modular. : Based off of reference policy: Checked out revision 2.20091117 I am now able to change the Time to my native time zone (HMT) Kolkata/India. No selinux errors with this update. (resolved) KDE 4.10.00 selinux-policy 3.11.1 - 76.fc18 uname -a Linux 3.7.6-201.fc18.x86_64 After cross conformation the bug can be closed. Thanks
Removing external tracker bug with the id '4862' as it is not valid for this tracker
Removing external tracker bug with the id '21030' as it is not valid for this tracker