libreport version: 2.0.8 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.3.7-1.fc16.i686 reason: SELinux is preventing gnome-shell from using the 'execmem' accesses on a process. time: Mon 11 Jun 2012 09:12:23 AM EDT description: :SELinux is preventing gnome-shell from using the 'execmem' accesses on a process. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that gnome-shell should be allowed execmem access on processes labeled xdm_t by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep gnome-shell /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 :Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 :Target Objects [ process ] :Source gnome-shell :Source Path gnome-shell :Port <Unknown> :Host (removed) :Source RPM Packages :Target RPM Packages :Policy RPM selinux-policy-3.10.0-86.fc16.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.3.7-1.fc16.i686 #1 : SMP Tue May 22 14:14:30 UTC 2012 i686 i686 :Alert Count 1 :First Seen Mon 11 Jun 2012 09:07:30 AM EDT :Last Seen Mon 11 Jun 2012 09:07:30 AM EDT :Local ID 983d08e7-ccc0-4b02-afe7-cb50b00cc3af : :Raw Audit Messages :type=AVC msg=audit(1339420050.715:43): avc: denied { execmem } for pid=1271 comm="gnome-shell" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process : : :Hash: gnome-shell,xdm_t,xdm_t,process,execmem : :audit2allow : :#============= xdm_t ============== :#!!!! This avc can be allowed using one of the these booleans: :# allow_execstack, allow_execmem : :allow xdm_t self:process execmem; : :audit2allow -R : :#============= xdm_t ============== :#!!!! This avc can be allowed using one of the these booleans: :# allow_execstack, allow_execmem : :allow xdm_t self:process execmem; :
Please turn on the allow_execmem boolean. # setsebool -P allow_execmem 1