Bug 787359 - SELinux is preventing /usr/sbin/cherokee-worker from 'search' accesses on the None /home/michiduta.
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 16
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:a4d8275f7eafa020dc5e7361e68...
Reported: 2012-02-04 11:21 UTC by Michiduta07
Modified: 2012-02-06 16:29 UTC

Doc Type: Bug Fix
Last Closed: 2012-02-06 16:29:15 UTC
Type: ---


Description Michiduta07 2012-02-04 11:21:20 UTC
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.2-1.fc16.x86_64
reason:         SELinux is preventing /usr/sbin/cherokee-worker from 'search' accesses on the None /home/michiduta.
time:           Sat 04 Feb 2012 01:21:07 PM EET

description:
:SELinux is preventing /usr/sbin/cherokee-worker from 'search' accesses on the None /home/michiduta.
:
:*****  Plugin file (47.5 confidence) suggests  *******************************
:
:If you think this is caused by a badly mislabeled machine.
:Then you need to fully relabel.
:Do
:touch /.autorelabel; reboot
:
:*****  Plugin file (47.5 confidence) suggests  *******************************
:
:If you think this is caused by a badly mislabeled machine.
:Then you need to fully relabel.
:Do
:touch /.autorelabel; reboot
:
:*****  Plugin catchall (6.38 confidence) suggests  ***************************
:
:If you believe that cherokee-worker should be allowed search access on the michiduta <Unknown> by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep cherokee-worker /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:httpd_t:s0
:Target Context                system_u:object_r:file_t:s0
:Target Objects                /home/michiduta [ None ]
:Source                        cherokee-worker
:Source Path                   /usr/sbin/cherokee-worker
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           
:Policy RPM                    <Unknown>
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.2.2-1.fc16.x86_64 #1 SMP Thu
:                              Jan 26 03:21:58 UTC 2012 x86_64 x86_64
:Alert Count                   86
:First Seen                    Wed 01 Feb 2012 10:22:09 AM EET
:Last Seen                     Sat 04 Feb 2012 01:14:37 PM EET
:Local ID                      76a18309-3d05-4fa6-a8e4-ff49c1d5bf03
:
:Raw Audit Messages
:type=AVC msg=audit(1328354077.28:601): avc:  denied  { search } for  pid=6381 comm="cherokee-worker" name="michiduta" dev=sda3 ino=23068673 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
:node=(removed) type=SYSCALL msg=audit(1328354077.028:601): arch=c000003e syscall=4 success=no exit=-13 a0=7f59a8001a20 a1=7f59d0b9fcd0 a2=7f59d0b9fcd0 a3=0 items=0 ppid=1027 pid=6381 auid=4294967295 uid=994 gid=991 euid=994 suid=994 fsuid=994 egid=991 sgid=991 fsgid=991 tty=(none) ses=4294967295 comm="cherokee-worker" exe="/usr/sbin/cherokee-worker" subj=system_u:system_r:httpd_t:s0 key=(null)
:
:
:Hash: cherokee-worker,httpd_t,file_t,None,search
:
:audit2allow
:
:
:audit2allow -R
:
:

Comment 1 Miroslav Grepl 2012-02-05 20:09:03 UTC
What is "michiduta"?

file_t means "michiduta" has no label. You will need to run restorecon on it.

Comment 2 Michiduta07 2012-02-05 20:22:26 UTC
(In reply to comment #1)
> What is "michiduta"?
> 
> file_t means "michiduta" has no label. You will need to run restorecon on it.

michiduta is my system username.

What is restorecon, how do I run it and what will it affect?

Comment 3 Daniel Walsh 2012-02-06 16:29:15 UTC
Restorecon puts SELinux labels onto inodes based on the system's default labeling rules.

Here is a blog that talks about it.

http://danwalsh.livejournal.com/42768.html

restorecon -R -v /home

Will fix your problem.
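
The triage described in comments 1 and 3, as an added example that is not part of the original bug report or of setroubleshoot: it parses an AVC denial and flags a target whose type is file_t as a labeling problem to fix with restorecon, not with a local policy module. The function names and the inclusion of unlabeled_t are assumptions; the sample record is the AVC line from the report, trimmed.

```python
import re

# Constructed sample: the AVC record from the report above, trimmed to one line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1328354077.28:601): avc:  denied  { search } for  pid=6381 '
    'comm="cherokee-worker" name="michiduta" dev=sda3 ino=23068673 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Types that mean "the object carries no usable label", not "policy lacks a rule".
# file_t is the one named on this page; unlabeled_t is an assumption added here.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}


def parse_avc(line):
    """Return the denial's fields as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        fields[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return fields


def triage(line):
    """Classify a denial: 'relabel', 'review-policy', or 'not-avc'."""
    avc = parse_avc(line)
    if avc is None:
        return ("not-avc", None)
    if avc["tcontext_type"] in UNLABELED_TYPES:
        # Target has no label: relabeling is the fix, an allow rule would mask it.
        return ("relabel", avc)
    return ("review-policy", avc)


if __name__ == "__main__":
    verdict, avc = triage(SAMPLE_AVC)
    print(verdict, avc["comm"], avc["perms"], avc["tclass"], avc["name"])
```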

