SELinux is preventing /usr/bin/iceauth from 'unlink' accesses on the file .ICEauthority. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that iceauth should be allowed unlink access on the .ICEauthority file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep iceauth /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:iceauth_t:s0 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects .ICEauthority [ file ] Source iceauth Source Path /usr/bin/iceauth Port <Unknown> Host (removed) Source RPM Packages xorg-x11-server-utils-7.5-5.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-35.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 2.6.40.3-0.fc15.i686 #1 SMP Tue Aug 16 04:24:09 UTC 2011 i686 i686 Alert Count 1 First Seen Tue 06 Sep 2011 12:38:52 AM PDT Last Seen Tue 06 Sep 2011 12:38:52 AM PDT Local ID bd9560e1-5f15-4117-bee3-4ebfbcff8255 Raw Audit Messages type=AVC msg=audit(1315294732.473:145): avc: denied { unlink } for pid=7876 comm="iceauth" name=".ICEauthority" dev=dm-0 ino=3714062 scontext=unconfined_u:unconfined_r:iceauth_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file type=SYSCALL msg=audit(1315294732.473:145): arch=i386 syscall=unlink success=yes exit=0 a0=9b42030 a1=9b421b8 a2=0 a3=9b42058 items=0 ppid=7875 pid=7876 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=iceauth exe=/usr/bin/iceauth subj=unconfined_u:unconfined_r:iceauth_t:s0 key=(null) Hash: iceauth,iceauth_t,user_home_t,file,unlink audit2allow #============= iceauth_t ============== allow iceauth_t user_home_t:file unlink; audit2allow -R #============= iceauth_t ============== allow iceauth_t user_home_t:file unlink;
This occurred while performing a clear history from Google Chrome under KDE. Google Chrome version: google-chrome-stable-13.0.782.220-99552.i386 kde 4.6.5-1 I occasionally switch back and forth between Gnome 3 and KDE 4. I'm a bit suspicious as to why iceauth needs to delete this file.
The problem was this file was mislabeled. restorecon ~/.ICEauthority Would have fixed the problem.