libreport version: 2.0.10 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.3.4-5.fc17.x86_64 time: Wed 04 Jul 2012 11:07:53 AM CEST description: :SELinux is preventing /usr/lib64/realmd/realmd from 'execute' accesses on the file /usr/bin/net. : :***** Plugin leaks (86.2 confidence) suggests ****************************** : :If you want to ignore realmd trying to execute access the net file, because you believe it should not need this access. :Then you should report this as a bug. :You can generate a local policy module to dontaudit this access. :Do :# grep /usr/lib64/realmd/realmd /var/log/audit/audit.log | audit2allow -D -M mypol :# semodule -i mypol.pp : :***** Plugin catchall (14.7 confidence) suggests *************************** : :If you believe that realmd should be allowed execute access on the net file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep realmd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 :Target Context system_u:object_r:samba_net_exec_t:s0 :Target Objects /usr/bin/net [ file ] :Source realmd :Source Path /usr/lib64/realmd/realmd :Port <Unknown> :Host (removed) :Source RPM Packages realmd-0.4-1.fc18.x86_64 :Target RPM Packages samba-common-3.6.5-86.fc17.1.x86_64 :Policy RPM selinux-policy-3.10.0-132.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) : 3.3.4-5.fc17.x86_64 #1 SMP Mon May 7 17:29:34 UTC : 2012 x86_64 x86_64 :Alert Count 2 :First Seen Wed 04 Jul 2012 11:04:44 AM CEST :Last Seen Wed 04 Jul 2012 11:04:44 AM CEST :Local ID 4627eaf7-4b08-4c5b-a5ee-0f816ce28723 : :Raw Audit Messages :type=AVC msg=audit(1341392684.10:293): avc: denied { execute } for pid=25707 comm="realmd" name="net" dev="sda7" ino=135294 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:samba_net_exec_t:s0 tclass=file : : :type=SYSCALL msg=audit(1341392684.10:293): arch=x86_64 syscall=execve success=no exit=EACCES a0=1915dd0 a1=194a1d0 a2=193be50 a3=7fff8c808e10 items=0 ppid=20044 pid=25707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=realmd exe=/usr/lib64/realmd/realmd subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null) : :Hash: realmd,system_dbusd_t,samba_net_exec_t,file,execute : :audit2allowunable to open /sys/fs/selinux/policy: Permission denied : : :audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied : :
This looks like we need to back port realmd policy from Rawhide?
Sorry, this is a duplicate bug report. I must have been confused about which system I was on. realmd is only in rawhide.