Bug 891501 - SELinux is preventing /usr/sbin/ethtool from 'write' accesses on the file /var/log/tuned/tuned.log.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: tuned
Version: 18
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Jaroslav Škarvada
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:fe97ed9a47d95446cd0ad801253...
Depends On:
Blocks:
Reported: 2013-01-03 07:50 UTC by Stanislav Petr
Modified: 2013-01-12 15:08 UTC

Fixed In Version: tuned-2.1.2-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-12 15:08:57 UTC
Type: ---
Embargoed:



Description Stanislav Petr 2013-01-03 07:50:03 UTC
Description of problem:
SELinux is preventing /usr/sbin/ethtool from 'write' accesses on the file /var/log/tuned/tuned.log.

*****  Plugin leaks (86.2 confidence) suggests  ******************************

If you want to ignore ethtool trying to write access the tuned.log file, because you believe it should not need this access.
Then you should report this as a bug.  
You can generate a local policy module to dontaudit this access.
Do
# grep /usr/sbin/ethtool /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp

*****  Plugin catchall (14.7 confidence) suggests  ***************************

If you believe that ethtool should be allowed write access on the tuned.log file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep ethtool /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:ifconfig_t:s0
Target Context                system_u:object_r:tuned_log_t:s0
Target Objects                /var/log/tuned/tuned.log [ file ]
Source                        ethtool
Source Path                   /usr/sbin/ethtool
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           ethtool-3.4.1-2.fc18.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.11.1-67.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.6.11-3.fc18.x86_64 #1 SMP Mon
                              Dec 17 21:35:39 UTC 2012 x86_64 x86_64
Alert Count                   20
First Seen                    2012-12-16 02:04:26 CET
Last Seen                     2012-12-29 12:10:30 CET
Local ID                      62f9287b-230c-4511-ad40-33ac5816103c

Raw Audit Messages
type=AVC msg=audit(1356779430.724:1037): avc:  denied  { write } for  pid=17004 comm="ethtool" path="/var/log/tuned/tuned.log" dev="sda3" ino=358966 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:tuned_log_t:s0 tclass=file


type=SYSCALL msg=audit(1356779430.724:1037): arch=x86_64 syscall=execve success=yes exit=0 a0=7f0e1000e5a0 a1=7f0e1002c310 a2=7fff41798690 a3=3a8f520cf8 items=0 ppid=591 pid=17004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ethtool exe=/usr/sbin/ethtool subj=system_u:system_r:ifconfig_t:s0 key=(null)

Hash: ethtool,ifconfig_t,tuned_log_t,file,write

audit2allow

#============= ifconfig_t ==============
allow ifconfig_t tuned_log_t:file write;

audit2allow -R

#============= ifconfig_t ==============
allow ifconfig_t tuned_log_t:file write;


Additional info:
hashmarkername: setroubleshoot
kernel:         3.6.11-3.fc18.x86_64
type:           libreport

Potential duplicate: bug 751851

Comment 1 Miroslav Grepl 2013-01-03 10:01:40 UTC
It has been fixed in the tuned package.

Comment 2 Jaroslav Škarvada 2013-01-07 13:41:01 UTC
The problem was resolved in bug 890435. Not closing as a dupe due to different release.

Comment 3 Fedora Update System 2013-01-07 13:42:43 UTC
tuned-2.1.2-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/FEDORA-2013-0068/tuned-2.1.2-1.fc18

Comment 4 Fedora Update System 2013-01-12 15:08:59 UTC
tuned-2.1.2-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

