Description of problem: After clean installation of Katello on F16 I see a lot of denied lines in audit.log related to thin. Version-Release number of selected component (if applicable): katello-1.1.12-1.git.76.e73b105.fc16.noarch Additional info: # grep denied /var/log/audit/audit.log |grep thin type=AVC msg=audit(1347962096.460:171): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/systemd-tmpfiles" dev="dm-1" ino=1180276 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.460:172): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/dbus-daemon" dev="dm-1" ino=1180461 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:dbusd_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.460:173): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/dmesg" dev="dm-1" ino=1180117 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:dmesg_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.460:174): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/su" dev="dm-1" ino=1179710 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.460:175): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/systemctl" dev="dm-1" ino=1180275 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.460:176): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.460:177): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/traceroute" dev="dm-1" ino=1190518 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:traceroute_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.467:178): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/systemd" dev="dm-1" ino=1180228 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.467:179): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/umount" dev="dm-1" ino=1180126 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:mount_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.467:180): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/login" dev="dm-1" ino=1180120 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:login_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.467:181): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/mailx" dev="dm-1" ino=1179718 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.467:182): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/ping6" dev="dm-1" ino=1180485 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:ping_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.467:183): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/systemd-tty-ask-password-agent" dev="dm-1" ino=1180233 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_passwd_agent_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.467:184): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/rpm" dev="dm-1" ino=1179719 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.467:185): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.468:186): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/systemd-notify" dev="dm-1" ino=1180232 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_notify_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.468:187): avc: denied { getattr } for pid=21047 comm="thin" path="/bin/loadkeys" dev="dm-1" ino=1185736 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:loadkeys_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.534:188): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/modules" dev="dm-1" ino=917506 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir type=AVC msg=audit(1347962096.534:189): avc: denied { read } for pid=21047 comm="thin" name="modules" dev="dm-1" ino=917506 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir type=AVC msg=audit(1347962096.534:189): avc: denied { open } for pid=21047 comm="thin" name="modules" dev="dm-1" ino=917506 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir type=AVC msg=audit(1347962096.534:190): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/modules/3.4.9-2.fc16.x86_64/modules.ieee1394map" dev="dm-1" ino=923948 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file type=AVC msg=audit(1347962096.535:191): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/modules/3.4.9-2.fc16.x86_64/build" dev="dm-1" ino=923726 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=lnk_file type=AVC msg=audit(1347962096.535:192): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/modules/3.4.9-2.fc16.x86_64/modules.networking" dev="dm-1" ino=923931 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_dep_t:s0 tclass=file type=AVC msg=audit(1347962096.841:193): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/fedora-configure" dev="dm-1" ino=1180193 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.841:194): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/systemd-readahead-replay" dev="dm-1" ino=1180253 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:readahead_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.841:195): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/systemd-fsck" dev="dm-1" ino=1180243 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:fsadm_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.841:196): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/systemd-kmsg-syslogd" dev="dm-1" ino=1180246 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:syslogd_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.846:197): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system" dev="dm-1" ino=1180170 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir type=AVC msg=audit(1347962096.846:198): avc: denied { read } for pid=21047 comm="thin" name="system" dev="dm-1" ino=1180170 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir type=AVC msg=audit(1347962096.846:198): avc: denied { open } for pid=21047 comm="thin" name="system" dev="dm-1" ino=1180170 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir type=AVC msg=audit(1347962096.846:199): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/gpm.service" dev="dm-1" ino=1182042 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.846:200): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/final.target.wants/halt-local.service" dev="dm-1" ino=1180298 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=lnk_file type=AVC msg=audit(1347962096.846:201): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/nfs-idmap.service" dev="dm-1" ino=1186620 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:nfsd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.846:202): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/httpd.service" dev="dm-1" ino=1191838 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:httpd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.847:203): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/rpcbind.target" dev="dm-1" ino=1180362 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:rpcd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.847:204): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/dnsmasq.service" dev="dm-1" ino=1182231 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:dnsmasq_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.848:205): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/crond.service" dev="dm-1" ino=1182195 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:crond_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.849:206): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/NetworkManager.service" dev="dm-1" ino=1185820 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:NetworkManager_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.864:207): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/ypbind.service" dev="dm-1" ino=1181872 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:ypbind_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.864:208): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/system/iptables.service" dev="dm-1" ino=1180475 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:iptables_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962096.864:209): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/systemd-logind" dev="dm-1" ino=1180248 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_logind_exec_t:s0 tclass=file type=AVC msg=audit(1347962096.864:210): avc: denied { getattr } for pid=21047 comm="thin" path="/lib/systemd/systemd-cryptsetup" dev="dm-1" ino=1180240 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:lvm_exec_t:s0 tclass=file type=AVC msg=audit(1347962097.099:211): avc: denied { execute } for pid=21057 comm="thin" name="bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962097.099:211): avc: denied { read open } for pid=21057 comm="thin" name="bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962097.099:211): avc: denied { execute_no_trans } for pid=21057 comm="thin" path="/bin/bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962097.102:212): avc: denied { execute_no_trans } for pid=21057 comm="sh" path="/usr/bin/thin" dev="dm-1" ino=150002 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:thin_exec_t:s0 tclass=file type=AVC msg=audit(1347962097.249:213): avc: denied { create } for pid=21057 comm="thin" name="pids" scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=AVC msg=audit(1347962099.699:215): avc: denied { execute } for pid=21129 comm="thin" name="bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962099.699:215): avc: denied { read open } for pid=21129 comm="thin" name="bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962099.699:215): avc: denied { execute_no_trans } for pid=21129 comm="thin" path="/bin/bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962099.701:216): avc: denied { getattr } for pid=21129 comm="sh" path="/bin/bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962099.722:217): avc: denied { getattr } for pid=21138 comm="which" path="/bin/hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962099.723:218): avc: denied { execute } for pid=21139 comm="thin" name="hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962099.723:219): avc: denied { read open } for pid=21139 comm="thin" name="hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962099.723:219): avc: denied { execute_no_trans } for pid=21139 comm="thin" path="/bin/hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962099.760:220): avc: denied { execute } for pid=21059 comm="thin" name="sendmail.sendmail" dev="dm-1" ino=139412 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file type=AVC msg=audit(1347962100.320:221): avc: denied { create } for pid=21059 comm="thin" name="69D" scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=AVC msg=audit(1347962100.320:222): avc: denied { rmdir } for pid=21059 comm="thin" name="entries_per_page20120918-21059-17z3dos-0.lock" dev="tmpfs" ino=60218 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=AVC msg=audit(1347962101.271:225): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/systemd-tmpfiles" dev="dm-1" ino=1180276 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:226): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/dbus-daemon" dev="dm-1" ino=1180461 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:dbusd_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:227): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/dmesg" dev="dm-1" ino=1180117 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:dmesg_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:228): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/su" dev="dm-1" ino=1179710 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:229): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/systemctl" dev="dm-1" ino=1180275 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:230): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:231): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/traceroute" dev="dm-1" ino=1190518 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:traceroute_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:232): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/systemd" dev="dm-1" ino=1180228 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:init_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:233): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/umount" dev="dm-1" ino=1180126 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:mount_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:234): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/login" dev="dm-1" ino=1180120 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:login_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:235): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/mailx" dev="dm-1" ino=1179718 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:236): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/ping6" dev="dm-1" ino=1180485 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:ping_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:237): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/systemd-tty-ask-password-agent" dev="dm-1" ino=1180233 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_passwd_agent_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:238): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/rpm" dev="dm-1" ino=1179719 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:239): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:240): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/systemd-notify" dev="dm-1" ino=1180232 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_notify_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.271:241): avc: denied { getattr } for pid=21194 comm="thin" path="/bin/loadkeys" dev="dm-1" ino=1185736 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:loadkeys_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.272:242): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/modules" dev="dm-1" ino=917506 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir type=AVC msg=audit(1347962101.272:243): avc: denied { read } for pid=21194 comm="thin" name="modules" dev="dm-1" ino=917506 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir type=AVC msg=audit(1347962101.272:243): avc: denied { open } for pid=21194 comm="thin" name="modules" dev="dm-1" ino=917506 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir type=AVC msg=audit(1347962101.272:244): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/modules/3.4.9-2.fc16.x86_64/modules.ieee1394map" dev="dm-1" ino=923948 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file type=AVC msg=audit(1347962101.272:245): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/modules/3.4.9-2.fc16.x86_64/build" dev="dm-1" ino=923726 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=lnk_file type=AVC msg=audit(1347962101.272:246): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/modules/3.4.9-2.fc16.x86_64/modules.networking" dev="dm-1" ino=923931 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:modules_dep_t:s0 tclass=file type=AVC msg=audit(1347962101.293:247): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/fedora-configure" dev="dm-1" ino=1180193 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.293:248): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/systemd-readahead-replay" dev="dm-1" ino=1180253 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:readahead_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.293:249): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/systemd-fsck" dev="dm-1" ino=1180243 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:fsadm_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.293:250): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/systemd-kmsg-syslogd" dev="dm-1" ino=1180246 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:syslogd_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.293:251): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system" dev="dm-1" ino=1180170 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir type=AVC msg=audit(1347962101.293:252): avc: denied { read } for pid=21194 comm="thin" name="system" dev="dm-1" ino=1180170 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir type=AVC msg=audit(1347962101.293:252): avc: denied { open } for pid=21194 comm="thin" name="system" dev="dm-1" ino=1180170 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=dir type=AVC msg=audit(1347962101.293:253): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/gpm.service" dev="dm-1" ino=1182042 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.293:254): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/final.target.wants/halt-local.service" dev="dm-1" ino=1180298 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=lnk_file type=AVC msg=audit(1347962101.293:255): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/nfs-idmap.service" dev="dm-1" ino=1186620 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:nfsd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.293:256): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/kexec.target" dev="dm-1" ino=1180312 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.293:257): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/httpd.service" dev="dm-1" ino=1191838 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:httpd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.294:258): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/rpcbind.target" dev="dm-1" ino=1180362 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:rpcd_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.294:259): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/dnsmasq.service" dev="dm-1" ino=1182231 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:dnsmasq_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.294:260): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/crond.service" dev="dm-1" ino=1182195 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:crond_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.294:261): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/NetworkManager.service" dev="dm-1" ino=1185820 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:NetworkManager_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.294:262): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/ypbind.service" dev="dm-1" ino=1181872 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:ypbind_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.294:263): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/system/iptables.service" dev="dm-1" ino=1180475 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:iptables_unit_file_t:s0 tclass=file type=AVC msg=audit(1347962101.294:264): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/systemd-logind" dev="dm-1" ino=1180248 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:systemd_logind_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.294:265): avc: denied { getattr } for pid=21194 comm="thin" path="/lib/systemd/systemd-cryptsetup" dev="dm-1" ino=1180240 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:lvm_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.422:266): avc: denied { execute } for pid=21196 comm="thin" name="bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.422:266): avc: denied { read open } for pid=21196 comm="thin" name="bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.422:266): avc: denied { execute_no_trans } for pid=21196 comm="thin" path="/bin/bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962101.425:267): avc: denied { execute_no_trans } for pid=21196 comm="sh" path="/usr/bin/thin" dev="dm-1" ino=150002 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:thin_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.076:281): avc: denied { execute } for pid=21369 comm="thin" name="bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.076:281): avc: denied { read open } for pid=21369 comm="thin" name="bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.076:281): avc: denied { execute_no_trans } for pid=21369 comm="thin" path="/bin/bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.078:282): avc: denied { getattr } for pid=21369 comm="sh" path="/bin/bash" dev="dm-1" ino=1179651 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.100:283): avc: denied { getattr } for pid=21378 comm="which" path="/bin/hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.102:284): avc: denied { execute } for pid=21379 comm="thin" name="hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.102:285): avc: denied { read open } for pid=21379 comm="thin" name="hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.102:285): avc: denied { execute_no_trans } for pid=21379 comm="thin" path="/bin/hostname" dev="dm-1" ino=1179672 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.140:286): avc: denied { getattr } for pid=21198 comm="thin" path="/usr/sbin/sendmail.sendmail" dev="dm-1" ino=139412 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file type=AVC msg=audit(1347962104.140:287): avc: denied { execute } for pid=21198 comm="thin" name="sendmail.sendmail" dev="dm-1" ino=139412 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file type=AVC msg=audit(1347962107.193:288): avc: denied { name_bind } for pid=21198 comm="thin" src=5500 scontext=system_u:system_r:thin_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
I recommend to focus on F17 and F18 now. There are big changes in the thin selinux policy now. Let's retest this on F17 next week.
This will be solved by migrating to mod_passanger on January. Do not waste time on this now.
Moving to Sat6 to be tracked there. Upstream bugs are moving to redmine.
We have moved to passenger. I am closing this out.