libreport version: 2.0.10 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.4.9-1.fc16.x86_64 time: Sun 09 Sep 2012 05:16:04 PM EDT description: :SELinux is preventing /usr/bin/pkcon from 'execute' accesses on the file /usr/bin/pkcon. : :***** Plugin leaks (86.2 confidence) suggests ****************************** : :If you want to ignore pkcon trying to execute access the pkcon file, because you believe it should not need this access. :Then you should report this as a bug. :You can generate a local policy module to dontaudit this access. :Do :# grep /usr/bin/pkcon /var/log/audit/audit.log | audit2allow -D -M mypol :# semodule -i mypol.pp : :***** Plugin catchall (14.7 confidence) suggests *************************** : :If you believe that pkcon should be allowed execute access on the pkcon file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep pkcon /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:jockey_t:s0-s0:c0.c1023 :Target Context system_u:object_r:bin_t:s0 :Target Objects /usr/bin/pkcon [ file ] :Source pkcon :Source Path /usr/bin/pkcon :Port <Unknown> :Host (removed) :Source RPM Packages PackageKit-0.6.22-2.fc16.x86_64 :Target RPM Packages PackageKit-0.6.22-2.fc16.x86_64 :Policy RPM selinux-policy-3.10.0-91.fc16.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.4.9-1.fc16.x86_64 #1 SMP Wed Aug : 15 20:45:23 UTC 2012 x86_64 x86_64 :Alert Count 2 :First Seen Sun 09 Sep 2012 04:59:04 PM EDT :Last Seen Sun 09 Sep 2012 05:15:10 PM EDT :Local ID 8ab50886-229b-488b-b0b8-4a0e1961df60 : :Raw Audit Messages :type=AVC msg=audit(1347225310.105:144): avc: denied { execute } for pid=22196 comm="jockey-backend" name="pkcon" dev="dm-1" ino=136346 scontext=system_u:system_r:jockey_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file : : :type=AVC msg=audit(1347225310.105:144): avc: denied { read open } for pid=22196 comm="jockey-backend" name="pkcon" dev="dm-1" ino=136346 scontext=system_u:system_r:jockey_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file : : :type=AVC msg=audit(1347225310.105:144): avc: denied { execute_no_trans } for pid=22196 comm="jockey-backend" path="/usr/bin/pkcon" dev="dm-1" ino=136346 scontext=system_u:system_r:jockey_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file : : :type=SYSCALL msg=audit(1347225310.105:144): arch=x86_64 syscall=execve success=yes exit=0 a0=260e2d0 a1=26103d0 a2=7fff95a651a8 a3=20 items=0 ppid=1826 pid=22196 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=pkcon exe=/usr/bin/pkcon subj=system_u:system_r:jockey_t:s0-s0:c0.c1023 key=(null) : :Hash: pkcon,jockey_t,bin_t,file,execute : :audit2allow : :#============= jockey_t ============== :allow jockey_t bin_t:file { read execute open execute_no_trans }; : :audit2allow -R : :#============= jockey_t ============== :allow jockey_t bin_t:file { read execute open execute_no_trans }; :
Fixed in selinux-policy-3.10.0-92.fc16.noarch
selinux-policy-3.10.0-96.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-96.fc16
Package selinux-policy-3.10.0-96.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-96.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-18243/selinux-policy-3.10.0-96.fc16 then log in and leave karma (feedback).
selinux-policy-3.10.0-96.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.