Bug 801608 - SELinux is preventing /usr/bin/python from 'getattr' accesses on the file /usr/bin/rpm.
Summary: SELinux is preventing /usr/bin/python from 'getattr' accesses on the file /us...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:1c3aabec7011ccd336dc37de862...
Depends On:
Blocks:
Reported: 2012-03-08 23:55 UTC by Barry Godusky
Modified: 2016-05-11 18:45 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-12-20 15:42:49 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
SELinux Report (2.63 KB, application/octet-stream)
2012-06-06 03:14 UTC, Agustin Ferrario
SELinux - original action (2.57 KB, application/octet-stream)
2012-12-26 14:46 UTC, Heldwin
SELinux - result action (2.52 KB, application/octet-stream)
2012-12-26 14:49 UTC, Heldwin

Description Barry Godusky 2012-03-08 23:55:15 UTC
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.3.0-0.rc6.git0.2.fc17.x86_64
reason:         SELinux is preventing /usr/bin/python from 'getattr' accesses on the file /usr/bin/rpm.
time:           Thu 08 Mar 2012 06:55:05 PM EST

description:
:SELinux is preventing /usr/bin/python from 'getattr' accesses on the file /usr/bin/rpm.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that python should be allowed getattr access on the rpm file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep sealert /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.
:                              c1023
:Target Context                system_u:object_r:rpm_exec_t:s0
:Target Objects                /usr/bin/rpm [ file ]
:Source                        sealert
:Source Path                   /usr/bin/python
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           python-2.7.2-18.fc17.x86_64
:Target RPM Packages           rpm-4.9.1.2-14.fc17.x86_64
:Policy RPM                    selinux-policy-3.10.0-95.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed)
:                              3.3.0-0.rc6.git0.2.fc17.x86_64 #1 SMP Mon Mar 5
:                              16:54:07 UTC 2012 x86_64 x86_64
:Alert Count                   1
:First Seen                    Thu 08 Mar 2012 06:54:07 PM EST
:Last Seen                     Thu 08 Mar 2012 06:54:07 PM EST
:Local ID                      c223b19b-7f6a-4490-9e3e-f411e01a38b4
:
:Raw Audit Messages
:type=AVC msg=audit(1331250847.653:75): avc:  denied  { getattr } for  pid=1577 comm="sealert" path="/usr/bin/rpm" dev="dm-1" ino=656843 scontext=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1331250847.653:75): arch=x86_64 syscall=stat success=no exit=EACCES a0=7fff5594ce30 a1=7fff5594ac30 a2=7fff5594ac30 a3=fffff000 items=0 ppid=1576 pid=1577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sealert exe=/usr/bin/python subj=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 key=(null)
:
:Hash: sealert,setroubleshoot_fixit_t,rpm_exec_t,file,getattr
:
:audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
:
:
:audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied
:
:

Comment 1 Daniel Walsh 2012-03-09 14:50:24 UTC
Barry what were you trying to fix?

Comment 2 Miroslav Grepl 2012-03-09 14:59:51 UTC
Now I see this also .. you can just try to fix a label and it happens. Nothing is blocked.

Comment 3 Daniel Walsh 2012-03-09 15:07:40 UTC
Let's add a dontaudit.

Comment 4 Barry Godusky 2012-03-09 16:28:00 UTC
(In reply to comment #1)
> Barry what were you trying to fix?

I was trying to do the grep thing and the subsequent command to enforce it, but nothing was taking effect. Even rebooting the machine didn't force it to be allowed.

This happened on many of the sealerts I received: I ran the commands to allow it to do what it wanted to do, rebooted the machine, and all the alerts came right back, like the suggestions in the alert didn't take effect even though I ran both commands.

Comment 5 Barry Godusky 2012-03-09 16:30:02 UTC
Right now I have the same alerts once again, two alerts that I have already submitted and used the suggested commands for, and again they do not take effect.

Comment 6 Daniel Walsh 2012-03-09 16:33:22 UTC
Could you show us the original alert that you attempted to fix?

I.e., show us both alerts.

Comment 7 Agustin Ferrario 2012-06-06 03:14:50 UTC
Created attachment 589700 [details]
SELinux Report

Here is my report; I have no custom policies.

Comment 8 Daniel Walsh 2012-06-07 18:01:25 UTC
Did you click fix it button on a previous alert?

Comment 9 Georg Greve 2012-09-30 12:23:48 UTC
Happens during bootup, typically.

Package: (null)
OS Release: Fedora release 17 (Beefy Miracle)

Comment 10 Daniel Walsh 2012-10-01 10:18:14 UTC
Not sure what you mean?  Could you attach your AVC messages?

Comment 11 Mengxuan Xia 2012-10-03 13:42:30 UTC
I'm seeing this every time after logging in to my session. Is there any fix?

Comment 12 vafr 2012-10-03 18:31:38 UTC
Running VMWare kernel update script

Package: (null)
OS Release: Fedora release 17 (Beefy Miracle)

Comment 13 Miroslav Grepl 2012-10-05 12:13:25 UTC
Are you getting the same AVC msg?

Comment 14 vafr 2012-10-07 07:49:38 UTC
I am afraid I cannot reproduce the exact same problem. I stopped using VMPlayer, moved on to VirtualBox, and am checking out Qemu now. Running the VMPlayer update script now results in:

SELinux is preventing /usr/bin/vmnet-natd from module_request access on the system .

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that vmnet-natd should be allowed module_request access on the  system by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep vmnet-natd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:vmware_host_t:s0-s0:c0.c1023
Target Context                system_u:system_r:kernel_t:s0
Target Objects                 [ system ]
Source                        vmnet-natd
Source Path                   /usr/bin/vmnet-natd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-149.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.5.4-2.fc17.x86_64 #1
                              SMP Wed Sep 26 21:58:50 UTC 2012 x86_64 x86_64
Alert Count                   1
First Seen                    2012-10-07 09:43:04 CEST
Last Seen                     2012-10-07 09:43:04 CEST
Local ID                      fae98600-2800-4d5d-8603-2d2309b34d74

Raw Audit Messages
type=AVC msg=audit(1349595784.226:90): avc:  denied  { module_request } for  pid=1311 comm="vmnet-natd" kmod="netdev-vmnet1" scontext=system_u:system_r:vmware_host_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system


type=SYSCALL msg=audit(1349595784.226:90): arch=x86_64 syscall=ioctl success=no exit=ENODEV a0=6 a1=8927 a2=7fff94f76040 a3=0 items=0 ppid=1 pid=1311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=vmnet-natd exe=/usr/bin/vmnet-natd subj=system_u:system_r:vmware_host_t:s0-s0:c0.c1023 key=(null)

Hash: vmnet-natd,vmware_host_t,kernel_t,system,module_request

audit2allow

#============= vmware_host_t ==============
#!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules'

allow vmware_host_t kernel_t:system module_request;

audit2allow -R

#============= vmware_host_t ==============
#!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules'

allow vmware_host_t kernel_t:system module_request;
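
As an added illustration (not the bug's own tooling or the audit2allow code): a small parser that turns the raw AVC records quoted in the description and in comment 14 into the same signature setroubleshoot prints on its "Hash:" line, the allow rule audit2allow printed above, and the dontaudit form that comment 3 proposes for the sealert/rpm case. It assumes only the AVC record layout shown on this page; the sample input is constructed from the two records quoted here.

```python
import re

# Constructed sample input: the two raw AVC records quoted on this bug (description and comment 14).
SAMPLE_AVCS = [
    'type=AVC msg=audit(1331250847.653:75): avc:  denied  { getattr } for  pid=1577 '
    'comm="sealert" path="/usr/bin/rpm" dev="dm-1" ino=656843 '
    'scontext=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file',
    'type=AVC msg=audit(1349595784.226:90): avc:  denied  { module_request } for  pid=1311 '
    'comm="vmnet-natd" kmod="netdev-vmnet1" '
    'scontext=system_u:system_r:vmware_host_t:s0-s0:c0.c1023 '
    'tcontext=system_u:system_r:kernel_t:s0 tclass=system',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def type_of(context):
    """user:role:type:range -> type, e.g. ...:vmware_host_t:s0-s0:c0.c1023 -> vmware_host_t."""
    return context.split(':')[2]


def parse_avc(line):
    """Return the fields of one denied-AVC record, or None for non-AVC lines (SYSCALL etc.)."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    return {'perms': m.group('perms').split(), 'comm': m.group('comm'),
            'stype': type_of(m.group('scontext')), 'ttype': type_of(m.group('tcontext')),
            'tclass': m.group('tclass')}


def signature(avc):
    """Same shape as the 'Hash:' line setroubleshoot prints: comm,source type,target type,class,perms."""
    return ','.join([avc['comm'], avc['stype'], avc['ttype'], avc['tclass'], ' '.join(avc['perms'])])


def rule(avc, kind='allow'):
    """Policy statement for this AVC, as audit2allow prints it; kind='dontaudit' silences it instead."""
    perms = avc['perms'][0] if len(avc['perms']) == 1 else '{ %s }' % ' '.join(avc['perms'])
    return '%s %s %s:%s %s;' % (kind, avc['stype'], avc['ttype'], avc['tclass'], perms)


def summarize(lines):
    """Map each distinct denial signature to its allow rule, counting repeats like 'Alert Count'."""
    seen = {}
    for avc in filter(None, map(parse_avc, lines)):
        entry = seen.setdefault(signature(avc), {'count': 0, 'allow': rule(avc)})
        entry['count'] += 1
    return seen


if __name__ == '__main__':
    for sig, info in summarize(SAMPLE_AVCS).items():
        print('%s  x%d  -> %s' % (sig, info['count'], info['allow']))
```

Feeding it `grep AVC /var/log/audit/audit.log` lines shows at a glance which denials repeat and which, like the sealert/rpm one here, are harmless noise better handled with dontaudit than with a local allow module.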

Comment 15 Miroslav Grepl 2012-10-08 08:57:49 UTC
Added.

commit 101178abf1efdde84b8556381c858dccae44b14e
Author: Miroslav Grepl <mgrepl>
Date:   Mon Oct 8 10:57:29 2012 +0200

    Allow vmnet-natd to request the kernel to load a module

Comment 16 Fedora Update System 2012-10-08 14:05:07 UTC
selinux-policy-3.10.0-153.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-153.fc17

Comment 17 Fedora Update System 2012-10-08 21:56:13 UTC
Package selinux-policy-3.10.0-153.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-153.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-15652/selinux-policy-3.10.0-153.fc17
then log in and leave karma (feedback).

Comment 18 Mengxuan Xia 2012-10-09 14:50:47 UTC
I've noticed that by relabelling the entire system the problem disappears without updating to selinux-policy-3.10.0-153. I have selinux-policy-3.10.0-149 installed.

1. The problem was present before I migrated /home to a LUKS-mapped encrypted partition.
2. I migrated /home to LUKS and I started getting some unusual SELinux warnings. So I did touch /.autorelabel && reboot
3. After reboot, this problem disappeared (I also tried to reboot 2 more times and it seems to fix it without updating to the newer update).

Comment 19 Mike 2012-10-14 21:58:13 UTC
I was trying to open the flight simulator "Thunder and Lightening". It simply did not open, and an SELinux bug was reported.

Package: (null)
Architecture: i686
OS Release: Fedora release 17 (Beefy Miracle)

Comment 20 Renich Bon Ciric 2012-10-19 14:52:24 UTC
Was starting a VPN connection. The connection took place, but I still got 2 SELinux warnings. The other one is for xauth and it tells me to relabel /root.

Package: (null)
OS Release: Fedora release 17 (Beefy Miracle)

Comment 21 tavash 2012-11-08 12:00:41 UTC
This was while I tried to connect to a vsFTP server locally, like this:
ftp ftp.0.1:54321


Package: (null)
Architecture: i686
OS Release: Fedora release 17 (Beefy Miracle)

Comment 22 Daniel Walsh 2012-11-08 15:03:41 UTC
Tavash, what were the AVCs that you saw?

And why are you adding on to this AVC?

Comment 23 Fedora Update System 2012-12-20 15:42:54 UTC
selinux-policy-3.10.0-153.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 24 Heldwin 2012-12-26 02:46:29 UTC
While asking SELinux Troubleshooter to fix a problem for me (about /usr/bin/df doing a getattr on /sys/kernel/config), I also got this SELinux message.

Source Context                system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023
Target Context                system_u:object_r:rpm_exec_t:s0
Target Objects                /usr/bin/rpm [ file ]
Source                        sealert
Source Path                   /usr/bin/python2.7
Port                          <Inconnu>
Host                          (removed)
Source RPM Packages           python-2.7.3-7.2.fc17.x86_64
Target RPM Packages           rpm-4.9.1.3-7.fc17.x86_64
Policy RPM                    selinux-policy-3.10.0-161.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing

Comment 25 Daniel Walsh 2012-12-26 12:28:34 UTC
Could you attach the AVC information?

Comment 26 Heldwin 2012-12-26 14:46:56 UTC
Created attachment 669244 [details]
SELinux - original action

Added the original SELinux report about df.

Comment 27 Heldwin 2012-12-26 14:49:55 UTC
Created attachment 669245 [details]
SELinux - result action

Added the SELinux report I got after I clicked on the restore context button in troubleshoot.

Comment 29 Miroslav Grepl 2012-12-27 18:43:08 UTC
Backported from F18.
