libreport version: 2.0.8
executable: /usr/bin/python
hashmarkername: setroubleshoot
kernel: 3.2.9-1.fc16.x86_64
reason: SELinux is preventing /usr/sbin/tmpwatch from 'setattr' accesses on the directory pulse-aBChLGEEZCk6.
time: Sun 11 Mar 2012 03:09:35 PM CET

description:
:SELinux is preventing /usr/sbin/tmpwatch from 'setattr' accesses on the directory pulse-aBChLGEEZCk6.
:
:***** Plugin catchall (100. confidence) suggests ***************************
:
:If you believe that tmpwatch should be allowed setattr access on the pulse-aBChLGEEZCk6 directory by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep tmpwatch /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
:Target Context unconfined_u:object_r:user_home_dir_t:s0
:Target Objects pulse-aBChLGEEZCk6 [ dir ]
:Source tmpwatch
:Source Path /usr/sbin/tmpwatch
:Port <Unknown>
:Host (removed)
:Source RPM Packages tmpwatch-2.10.3-1.fc16.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.10.0-75.fc16.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Permissive
:Host Name (removed)
:Platform Linux (removed) 3.2.9-1.fc16.x86_64 #1 SMP Thu
: Mar 1 01:41:10 UTC 2012 x86_64 x86_64
:Alert Count 1
:First Seen Sun 11 Mar 2012 03:09:19 PM CET
:Last Seen Sun 11 Mar 2012 03:09:19 PM CET
:Local ID f6e1906a-00b1-4422-a141-b366a4e9ba9d
:
:Raw Audit Messages
:type=AVC msg=audit(1331474959.998:116): avc: denied { setattr } for pid=3137 comm="tmpwatch" name="pulse-aBChLGEEZCk6" dev=sda1 ino=389468 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
:
:
:type=SYSCALL msg=audit(1331474959.998:116): arch=x86_64 syscall=utime success=yes exit=0 a0=4045eb a1=7fffd7d9a190 a2=1a1 a3=0 items=0 ppid=3135 pid=3137 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm=tmpwatch exe=/usr/sbin/tmpwatch subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
:
:Hash: tmpwatch,tmpreaper_t,user_home_dir_t,dir,setattr
:
:audit2allow
:
:#============= tmpreaper_t ==============
:allow tmpreaper_t user_home_dir_t:dir setattr;
:
:audit2allow -R
:
:#============= tmpreaper_t ==============
:allow tmpreaper_t user_home_dir_t:dir setattr;
:
Where is pulse-aBChLGEEZCk6 located? What does ls -lZ /tmp/pulse-*
That file is in /tmp:

$ ls -lZ /tmp/pulse-*
/tmp/pulse-aBChLGEEZCk6:
srwxrwxrwx. peque peque unconfined_u:object_r:user_home_t:s0 native
-rw-------. peque peque unconfined_u:object_r:user_home_t:s0 pid
ls: cannot open directory /tmp/pulse-PKdhtXMmr18n: Permission denied
ls: cannot open directory /tmp/pulse-zahEcaYatja7: Permission denied
I am seeing it also in F17:

> SELinux is preventing /usr/sbin/tmpwatch from setattr access on
> the directory pulse-PKdhtXMmr18n

Source Context system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
Target Context system_u:object_r:unlabeled_t:s0
Target Objects pulse-PKdhtXMmr18n [ dir ]
Source tmpwatch
Source Path /usr/sbin/tmpwatch
Source RPM Packages tmpwatch-2.10.3-2.fc17.x86_64
Policy RPM selinux-policy-3.10.0-140.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Alert Count 9
First Seen Thu 26 Jul 2012 03:19:07 AM CEST
Last Seen Fri 03 Aug 2012 03:40:26 AM CEST

type=AVC msg=audit(1343958026.903:18406): avc: denied { setattr } for pid=20503 comm="tmpwatch" name="pulse-PKdhtXMmr18n" dev="sda4" ino=262168 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

type=SYSCALL msg=audit(1343958026.903:18406): arch=x86_64 syscall=utime success=yes exit=0 a0=404a07 a1=7fff944308d0 a2=37125b0f98 a3=8028 items=0 ppid=20501 pid=20503 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2568 comm=tmpwatch exe=/usr/sbin/tmpwatch subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)

Note the late night--early morning times; it looks like the system is busy doing some cleanup intentionally at this time. Or if it is only accidental, the triggering action seems to be planned for around the same time, at least.
re [comment 3]: Also hand-in-hand with:

> SELinux is preventing /usr/sbin/tmpwatch from read access on
> the directory pulse-PKdhtXMmr18n.

Source RPM Packages tmpwatch-2.10.3-2.fc17.x86_64
Alert Count 9
First Seen Thu 26 Jul 2012 03:19:07 AM CEST
Last Seen Fri 03 Aug 2012 03:40:26 AM CEST

> SELinux is preventing /usr/sbin/tmpwatch from search access on
> the directory pulse-PKdhtXMmr18n.

Alert Count 9
First Seen Thu 26 Jul 2012 03:19:07 AM CEST
Last Seen Fri 03 Aug 2012 03:40:26 AM CEST

> SELinux is preventing /usr/sbin/tmpwatch from getattr access on
> the directory /tmp/pulse-PKdhtXMmr18n.

Alert Count 23
First Seen Thu 12 Jul 2012 03:43:51 AM CEST
Last Seen Fri 03 Aug 2012 03:40:26 AM CEST

> SELinux is preventing /usr/bin/systemd-tmpfiles from read access on
> the directory pulse-PKdhtXMmr18n.

Alert Count 9
First Seen Wed 25 Jul 2012 03:07:12 PM CEST
Last Seen Thu 02 Aug 2012 03:07:12 PM CEST

> SELinux is preventing /usr/bin/systemd-tmpfiles from getattr access on
> the directory /tmp/pulse-PKdhtXMmr18n.

Alert Count 24
First Seen Thu 12 Jul 2012 02:04:34 PM CEST
Last Seen Fri 03 Aug 2012 05:04:38 PM CEST

Note that getattr gets the path stated in full (perhaps a feature). I can provide additional info, now I've just picked some interesting bits.
Jan, could you try to install the latest F17 build and see if you can re-create it?
Mirek, sure. selinux-policy-3.10.0-142 seems not to solve it so I did:

> rpm -U http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.10.0/144.fc17/noarch/selinux-policy-3.10.0-144.fc17.noarch.rpm \
> http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.10.0/144.fc17/noarch/selinux-policy-targeted-3.10.0-144.fc17.noarch.rpm

For some reason I didn't see any update using updates-testing. Will see if this changes anything.
Mirek, update here: after almost two days, it looks like the -144 release helped here. Thanks!