Additional info: libreport version: 2.0.13 kernel: 3.6.0-0.rc2.git2.1.fc18.x86_64 description: :SELinux is preventing /usr/lib64/realmd/realmd from 'read' accesses on the directory sssd. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that realmd should be allowed read access on the sssd directory by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep realmd /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:realmd_t:s0-s0:c0.c1023 :Target Context system_u:object_r:sssd_conf_t:s0 :Target Objects sssd [ dir ] :Source realmd :Source Path /usr/lib64/realmd/realmd :Port <Unknown> :Host (removed) :Source RPM Packages realmd-0.6-1.fc18.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.11.1-7.fc18.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.0-0.rc2.git2.1.fc18.x86_64 #1 : SMP Wed Aug 22 11:54:04 UTC 2012 x86_64 x86_64 :Alert Count 32 :First Seen 2012-08-29 22:51:15 EDT :Last Seen 2012-08-29 22:52:15 EDT :Local ID 5bff9247-6d9e-4021-a34f-2611d61a1f3a : :Raw Audit Messages :type=AVC msg=audit(1346295135.374:294): avc: denied { read } for pid=1142 comm="realmd" name="sssd" dev="dm-0" ino=181485 scontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sssd_conf_t:s0 tclass=dir : : :type=SYSCALL msg=audit(1346295135.374:294): arch=x86_64 syscall=inotify_add_watch success=no exit=EACCES a0=6 a1=7f53d8e516e0 a2=1002fce a3=1 items=0 ppid=1 pid=1142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=realmd exe=/usr/lib64/realmd/realmd subj=system_u:system_r:realmd_t:s0-s0:c0.c1023 key=(null) : :Hash: realmd,realmd_t,sssd_conf_t,dir,read : :audit2allow : :#============= realmd_t ============== :allow realmd_t sssd_conf_t:dir read; : :audit2allow -R : :#============= realmd_t ============== :allow realmd_t sssd_conf_t:dir read; :
Created attachment 608031 [details] File: type
Created attachment 608032 [details] File: hashmarkername
Fixed in selinux-policy-3.11.1-8.fc18.noarch
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
selinux-policy-3.12.1-28.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/FEDORA-2013-5045/selinux-policy-3.12.1-28.fc19
Package selinux-policy-3.12.1-28.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-28.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-5045/selinux-policy-3.12.1-28.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-28.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.