Description of problem: I attempted to change the time using the KDE time and date settings panel SELinux is preventing /usr/libexec/kde4/kcmdatetimehelper from 'write' accesses on the directory /root. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that kcmdatetimehelper should be allowed write access on the root directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep kcmdatetimehelp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 Target Context system_u:object_r:admin_home_t:s0 Target Objects /root [ dir ] Source kcmdatetimehelp Source Path /usr/libexec/kde4/kcmdatetimehelper Port <Unknown> Host (removed) Source RPM Packages kde-workspace-4.9.97-5.fc18.x86_64 Target RPM Packages filesystem-3.1-2.fc18.x86_64 Policy RPM selinux-policy-3.11.1-67.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.7.2-204.fc18.x86_64 #1 SMP Wed Jan 16 16:22:52 UTC 2013 x86_64 x86_64 Alert Count 3 First Seen 2013-01-22 15:57:58 UTC Last Seen 2013-01-22 15:02:09 UTC Local ID 2a299f04-2040-464c-891e-f325220f3a49 Raw Audit Messages type=AVC msg=audit(1358866929.889:649): avc: denied { write } for pid=1947 comm="kcmdatetimehelp" name="root" dev="dm-2" ino=310 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir type=SYSCALL msg=audit(1358866929.889:649): arch=x86_64 syscall=access success=yes exit=0 a0=767d78 a1=2 a2=200 a3=2 items=0 ppid=1 pid=1947 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=kcmdatetimehelp exe=/usr/libexec/kde4/kcmdatetimehelper subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null) Hash: kcmdatetimehelp,gnomeclock_t,admin_home_t,dir,write audit2allow #============= gnomeclock_t ============== #!!!! The source type 'gnomeclock_t' can write to a 'dir' of the following types: # locale_t, etc_t, config_home_t, config_usr_t, systemd_passwd_var_run_t allow gnomeclock_t admin_home_t:dir write; audit2allow -R #============= gnomeclock_t ============== #!!!! The source type 'gnomeclock_t' can write to a 'dir' of the following types: # locale_t, etc_t, config_home_t, config_usr_t, systemd_passwd_var_run_t allow gnomeclock_t admin_home_t:dir write; Additional info: hashmarkername: setroubleshoot kernel: 3.7.2-204.fc18.x86_64 type: libreport
Most likely attempting to create the /root/.kde directory
da6e632b56cf4557c30ec3dd12093e55ba3b0af0 fixes this in Rawhide Git.
Backported.
selinux-policy-3.11.1-74.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-74.fc18
Package selinux-policy-3.11.1-74.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-74.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-1693/selinux-policy-3.11.1-74.fc18 then log in and leave karma (feedback).
selinux-policy-3.11.1-74.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.