Hide Forgot
Summary: SELinux is preventing escd "write" access on pcscd.events. Detailed Description: SELinux denied access requested by escd. It is not expected that this access is required by escd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context xguest_u:xguest_r:xguest_t:s0 Target Context system_u:object_r:pcscd_var_run_t:s0 Target Objects pcscd.events [ dir ] Source escd Source Path /usr/lib64/esc-1.1.0/escd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.7.19-93.el6 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.32-131.0.15.el6.x86_64 #1 SMP Tue May 10 15:42:40 EDT 2011 x86_64 x86_64 Alert Count 45849 First Seen Fri 22 Jul 2011 04:15:52 AM MUT Last Seen Fri 22 Jul 2011 04:50:46 AM MUT Local ID 23bb2154-1393-4111-ba68-60426ee5ea77 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1311295846.686:519266): avc: denied { write } for pid=12526 comm="escd" name="pcscd.events" dev=dm-0 ino=524499 scontext=xguest_u:xguest_r:xguest_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=dir Hash String generated from catchall,escd,xguest_t,pcscd_var_run_t,dir,write audit2allow suggests: #============= xguest_t ============== #!!!! The source type 'xguest_t' can write to a 'dir' of the following types: # user_home_type, httpd_user_script_exec_t, httpd_user_ra_content_t, httpd_user_rw_content_t, user_fonts_cache_t, user_tmp_t, xdm_tmp_t, tmp_t, user_home_dir_t, user_tmpfs_t, tmpfs_t, user_tmp_t, httpd_user_content_t, noxattrfs, noxattrfs, noxattrfs, dosfs_t, nfs_t allow xguest_t pcscd_var_run_t:dir write;
smart card guys, in order to use the smartcard from a normal user account, do I have to write to this directory? /var/run/pcscd.events/
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative.