SELinux is preventing /bin/bash from 'getattr' accesses on the plik /bin/bash. ***** Plugin catchall (100. confidence) suggests *************************** If aby bash powinno mieć domyślnie getattr dostęp do bash file. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep sh /var/log/audit/audit.log | audit2allow -M moja_polityka # semodule -i moja_polityka.pp Additional Information: Source Context system_u:system_r:colord_t:s0-s0:c0.c1023 Target Context system_u:object_r:shell_exec_t:s0 Target Objects /bin/bash [ file ] Source sh Source Path /bin/bash Port <Nieznane> Host (removed) Source RPM Packages bash-4.2.10-4.fc15 Target RPM Packages bash-4.2.10-4.fc15 Policy RPM selinux-policy-3.9.16-38.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.40.4-5.fc15.x86_64 #1 SMP Tue Aug 30 14:38:32 UTC 2011 x86_64 x86_64 Alert Count 72 First Seen nie, 26 cze 2011, 16:07:42 Last Seen wto, 27 wrz 2011, 21:56:32 Local ID 4b13716e-8f6b-4546-b586-b12c9b7fdaae Raw Audit Messages type=AVC msg=audit(1317153392.529:29): avc: denied { getattr } for pid=1187 comm="sh" path="/bin/bash" dev=dm-1 ino=8608 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=SYSCALL msg=audit(1317153392.529:29): arch=x86_64 syscall=stat success=yes exit=0 a0=c2fa80 a1=7fff4c7ac090 a2=7fff4c7ac090 a3=1 items=0 ppid=1179 pid=1187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sh exe=/bin/bash subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null) Hash: sh,colord_t,shell_exec_t,file,getattr audit2allow #============= colord_t ============== allow colord_t shell_exec_t:file getattr; audit2allow -R #============= colord_t ============== allow colord_t shell_exec_t:file getattr;
*** Bug 741759 has been marked as a duplicate of this bug. ***
Fixed in selinux-policy-3.9.16-49.fc15
selinux-policy-3.9.16-50.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-50.fc15
Package selinux-policy-3.9.16-50.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-50.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-17089/selinux-policy-3.9.16-50.fc15 then log in and leave karma (feedback).
selinux-policy-3.9.16-50.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.