libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.6-1.fc16.x86_64 reason: SELinux is preventing /usr/bin/file from 'read' accesses on the file /usr/bin/file. time: Wed 28 Dec 2011 12:56:52 PM EST description: :SELinux is preventing /usr/bin/file from 'read' accesses on the file /usr/bin/file. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that file should be allowed read access on the file file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep file /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:boinc_t:s0 :Target Context system_u:object_r:bin_t:s0 :Target Objects /usr/bin/file [ file ] :Source file :Source Path /usr/bin/file :Port <Unknown> :Host (removed) :Source RPM Packages file-5.07-6.fc16 :Target RPM Packages file-5.07-6.fc16 :Policy RPM selinux-policy-3.10.0-67.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.1.6-1.fc16.x86_64 #1 : SMP Wed Dec 21 22:41:17 UTC 2011 x86_64 x86_64 :Alert Count 1 :First Seen Wed 28 Dec 2011 12:36:04 PM EST :Last Seen Wed 28 Dec 2011 12:36:04 PM EST :Local ID a664e7c6-6722-47b2-bb35-d92b7c715533 : :Raw Audit Messages :type=AVC msg=audit(1325093764.479:92): avc: denied { read } for pid=2304 comm="file" name="file" dev=dm-1 ino=1841094 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file : : :type=AVC msg=audit(1325093764.479:92): avc: denied { execute } for pid=2304 comm="file" path="/usr/bin/file" dev=dm-1 ino=1841094 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file : : :type=SYSCALL msg=audit(1325093764.479:92): arch=x86_64 syscall=execve success=yes exit=0 a0=b18ef0 a1=b18fd0 a2=b17e70 a3=20 items=0 ppid=2298 pid=2304 auid=4294967295 uid=993 gid=990 euid=993 suid=993 fsuid=993 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm=file exe=/usr/bin/file subj=system_u:system_r:boinc_t:s0 key=(null) : :Hash: file,boinc_t,bin_t,file,read : :audit2allow : :#============= boinc_t ============== :allow boinc_t bin_t:file { read execute }; : :audit2allow -R : :#============= boinc_t ============== :allow boinc_t bin_t:file { read execute }; :
Fixed in selinux-policy-3.10.0-69.fc16
selinux-policy-3.10.0-71.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-71.fc16
Package selinux-policy-3.10.0-71.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-71.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-0154/selinux-policy-3.10.0-71.fc16 then log in and leave karma (feedback).
selinux-policy-3.10.0-71.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.