Description of problem: I downloaded the rpm file of DraftSight http://www.3ds.com/it/products/draftsight/download-draftsight/ and I started installing it with yum localinstall, when I had the following SELinux alerts: SELinux is preventing systemd-logind from search access on the folder `@. ***** Plugin catchall (100. confidence) suggerisce**************************** Seyou believe that systemd-logind should be allowed search access on the `@ directory by default. Quindiyou should report this as a bug. You can generate a local policy module to allow this access. Fai allow this access for now by executing: # grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Informazioni addizionali: Contesto della sorgente system_u:system_r:systemd_logind_t:s0 Contesto target unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 Oggetti target `@ [ dir ] Sorgente systemd-logind Percorso della sorgente systemd-logind Porta <Sconosciuto> Host Portatile Sorgente Pacchetti RPM Pacchetti RPM target RPM della policy selinux-policy-3.10.0-75.fc16.noarch Selinux abilitato True Tipo di policy targeted Modalità Enforcing Permissive Host Name Portatile Piattaforma Linux Portatile 3.2.10-3.fc16.i686 #1 SMP Thu Mar 15 21:16:58 UTC 2012 i686 i686 Conteggio avvisi 3 Primo visto lun 19 mar 2012 12:23:21 CET Ultimo visto lun 19 mar 2012 12:27:36 CET ID locale Messaggi Raw Audit type=AVC msg=audit(1332156456.117:165): avc: denied { search } for pid=977 comm="systemd-logind" name="6040" dev=proc ino=59048 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=dir Hash: systemd-logind,systemd_logind_t,rpm_script_t,dir,search audit2allow #============= systemd_logind_t ============== allow systemd_logind_t rpm_script_t:dir search; audit2allow -R #============= systemd_logind_t ============== allow systemd_logind_t rpm_script_t:dir search; SELinux is preventing systemd-logind from read access on the file sessionid. ***** Plugin catchall (100. confidence) suggerisce**************************** Seyou believe that systemd-logind should be allowed read access on the sessionid file by default. Quindiyou should report this as a bug. You can generate a local policy module to allow this access. Fai allow this access for now by executing: # grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Informazioni addizionali: Contesto della sorgente system_u:system_r:systemd_logind_t:s0 Contesto target unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 Oggetti target sessionid [ file ] Sorgente systemd-logind Percorso della sorgente systemd-logind Porta <Sconosciuto> Host Portatile Sorgente Pacchetti RPM Pacchetti RPM target RPM della policy selinux-policy-3.10.0-75.fc16.noarch Selinux abilitato True Tipo di policy targeted Modalità Enforcing Permissive Host Name Portatile Piattaforma Linux Portatile 3.2.10-3.fc16.i686 #1 SMP Thu Mar 15 21:16:58 UTC 2012 i686 i686 Conteggio avvisi 4 Primo visto lun 19 mar 2012 12:23:21 CET Ultimo visto lun 19 mar 2012 12:27:41 CET ID locale Messaggi Raw Audit type=AVC msg=audit(1332156461.107:194): avc: denied { read } for pid=977 comm="systemd-logind" name="sessionid" dev=proc ino=59356 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=file Hash: systemd-logind,systemd_logind_t,rpm_script_t,file,read audit2allow #============= systemd_logind_t ============== allow systemd_logind_t rpm_script_t:file read; audit2allow -R #============= systemd_logind_t ============== allow systemd_logind_t rpm_script_t:file read; SELinux is preventing systemd-logind from open access on the file sessionid. ***** Plugin catchall (100. confidence) suggerisce**************************** Seyou believe that systemd-logind should be allowed open access on the sessionid file by default. Quindiyou should report this as a bug. You can generate a local policy module to allow this access. Fai allow this access for now by executing: # grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Informazioni addizionali: Contesto della sorgente system_u:system_r:systemd_logind_t:s0 Contesto target unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 Oggetti target sessionid [ file ] Sorgente systemd-logind Percorso della sorgente systemd-logind Porta <Sconosciuto> Host Portatile Sorgente Pacchetti RPM Pacchetti RPM target RPM della policy selinux-policy-3.10.0-75.fc16.noarch Selinux abilitato True Tipo di policy targeted Modalità Enforcing Permissive Host Name Portatile Piattaforma Linux Portatile 3.2.10-3.fc16.i686 #1 SMP Thu Mar 15 21:16:58 UTC 2012 i686 i686 Conteggio avvisi 4 Primo visto lun 19 mar 2012 12:23:21 CET Ultimo visto lun 19 mar 2012 12:27:41 CET ID locale Messaggi Raw Audit type=AVC msg=audit(1332156461.107:195): avc: denied { open } for pid=977 comm="systemd-logind" name="sessionid" dev=proc ino=59356 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=file Hash: systemd-logind,systemd_logind_t,rpm_script_t,file,open audit2allow #============= systemd_logind_t ============== allow systemd_logind_t rpm_script_t:file open; audit2allow -R #============= systemd_logind_t ============== allow systemd_logind_t rpm_script_t:file open; SELinux is preventing systemd-logind from getattr access on the file /proc/<pid>/sessionid. ***** Plugin catchall (100. confidence) suggerisce**************************** Seyou believe that systemd-logind should be allowed getattr access on the sessionid file by default. Quindiyou should report this as a bug. You can generate a local policy module to allow this access. Fai allow this access for now by executing: # grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Informazioni addizionali: Contesto della sorgente system_u:system_r:systemd_logind_t:s0 Contesto target unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 Oggetti target /proc/<pid>/sessionid [ file ] Sorgente systemd-logind Percorso della sorgente systemd-logind Porta <Sconosciuto> Host Portatile Sorgente Pacchetti RPM Pacchetti RPM target RPM della policy selinux-policy-3.10.0-75.fc16.noarch Selinux abilitato True Tipo di policy targeted Modalità Enforcing Permissive Host Name Portatile Piattaforma Linux Portatile 3.2.10-3.fc16.i686 #1 SMP Thu Mar 15 21:16:58 UTC 2012 i686 i686 Conteggio avvisi 4 Primo visto lun 19 mar 2012 12:23:21 CET Ultimo visto lun 19 mar 2012 12:27:41 CET ID locale Messaggi Raw Audit type=AVC msg=audit(1332156461.107:196): avc: denied { getattr } for pid=977 comm="systemd-logind" path="/proc/6303/sessionid" dev=proc ino=59356 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=file Hash: systemd-logind,systemd_logind_t,rpm_script_t,file,getattr audit2allow #============= systemd_logind_t ============== allow systemd_logind_t rpm_script_t:file getattr; audit2allow -R #============= systemd_logind_t ============== allow systemd_logind_t rpm_script_t:file getattr;
yum -y update This should be fixed in latest updates
selinux-policy-3.10.0-84.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-84.fc16
selinux-policy-3.10.0-84.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.