Created attachment 587186 [details] Alert logs Description of problem: These alerts pop up at every boot. Maybe are connected to Bug769747. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.10.0-121.fc17.noarch selinux-policy-3.10.0-121.fc17.noarch How reproducible: By boot up Fedora.
Created attachment 587187 [details] /var/log/messages
Please could you test it with the latest policy which is available from koji http://koji.fedoraproject.org/koji/buildinfo?buildID=320274 Thank you.
(In reply to comment #2) > Please could you test it with the latest policy which is available from koji > > http://koji.fedoraproject.org/koji/buildinfo?buildID=320274 > > Thank you. In https://bugzilla.redhat.com/attachment.cgi?id=587186, there are two SELinux alerts. After selinux-policy update, is signaled only the second one.
Thank you for testing. Fixed in selinux-policy-3.10.0-128.fc17
selinux-policy-3.10.0-128.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-128.fc17
(In reply to comment #5) > selinux-policy-3.10.0-128.fc17 has been submitted as an update for Fedora 17. > https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-128.fc17 selinux-policy updated The alert "SELinux is preventing /usr/sbin/sysctl from write access on the file nmi_watchdog" appears again. See https://bugzilla.redhat.com/attachment.cgi?id=587186
Please add the new AVC's the bug you link to is fixed.
selinux-policy-3.10.0-129.fc17 will allow tuned to write to kernel_sysctls_t.
Created attachment 588540 [details] Alert-sysctl from write access on the file nmi_watchdog
(In reply to comment #7) > Please add the new AVC's the bug you link to is fixed. See https://bugzilla.redhat.com/attachment.cgi?id=588540
Package selinux-policy-3.10.0-128.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-128.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-8720/selinux-policy-3.10.0-128.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-128.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.