Description of problem: There are avc denials related to collectd - I guess because of it's libvirt plugin. Version-Release number of selected component (if applicable): F17 Additional info: #============= collectd_t ============== # audit(1339070717.915:21): # scontext="system_u:system_r:collectd_t:s0" tcontext="system_u:object_r:virt_etc_t:s0" # class="file" perms="read" # comm="collectd" exe="" path="" # message="type=AVC msg=audit(1339070717.915:21): avc: denied { read } for # pid=932 comm="collectd" name="libvirt.conf" dev="tmpfs" ino=11611 # scontext=system_u:system_r:collectd_t:s0 # tcontext=system_u:object_r:virt_etc_t:s0 tclass=file " # audit(1339070737.918:44): # scontext="system_u:system_r:collectd_t:s0" tcontext="system_u:object_r:virt_etc_t:s0" # class="file" perms="read" # comm="collectd" exe="" path="" # message="type=AVC msg=audit(1339070737.918:44): avc: denied { read } for # pid=928 comm="collectd" name="libvirt.conf" dev="tmpfs" ino=11611 # scontext=system_u:system_r:collectd_t:s0 # tcontext=system_u:object_r:virt_etc_t:s0 tclass=file " allow collectd_t virt_etc_t:file read;
Fixed in selinux-policy-3.10.0-129.fc17
selinux-policy-3.10.0-130.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-130.fc17
Package selinux-policy-3.10.0-130.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-130.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-9520/selinux-policy-3.10.0-130.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-130.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.