Description of problem: SELinux is preventing /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java from 'rmdir' accesses on the directory menu. ***** Plugin catchall (100. confidence) suggests *************************** If sie denken, dass java standardmässig erlaubt sein sollte, rmdir Zugriff auf menu directory zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep java /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c 0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects menu [ dir ] Source java Source Path /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jr e/bin/java Port <Unbekannt> Host (removed) Source RPM Packages java-1.7.0-openjdk-1.7.0.19-2.3.9.3.fc17.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-169.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.8.13-100.fc17.x86_64 #1 SMP Mon May 13 13:36:17 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-05-27 22:39:27 CEST Last Seen 2013-05-27 22:39:27 CEST Local ID bb293325-ffac-496e-9a44-061906f3e7c7 Raw Audit Messages type=AVC msg=audit(1369687167.260:1122): avc: denied { rmdir } for pid=6446 comm="java" name="menu" dev="dm-2" ino=803006 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir type=SYSCALL msg=audit(1369687167.260:1122): arch=x86_64 syscall=rmdir success=yes exit=0 a0=7f8150042d50 a1=6 a2=15 a3=707474682f38372f items=0 ppid=5494 pid=6446 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=(none) comm=java exe=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.19.x86_64/jre/bin/java subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) Hash: java,mozilla_plugin_t,user_home_t,dir,rmdir audit2allow #============= mozilla_plugin_t ============== allow mozilla_plugin_t user_home_t:dir rmdir; audit2allow -R #============= mozilla_plugin_t ============== allow mozilla_plugin_t user_home_t:dir rmdir; Additional info: hashmarkername: setroubleshoot kernel: 3.8.13-100.fc17.x86_64 type: libreport
Please execute # chcon -R -t mozilla_home_t /home/<username>/.icedtea
(In reply to Miroslav Grepl from comment #1) > Please execute > > # chcon -R -t mozilla_home_t /home/<username>/.icedtea Hallo Miroslav, I tried it - didn't help, same error-message. Greets - Andreas
selinux-policy-3.10.0-170.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-170.fc17
Package selinux-policy-3.10.0-170.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-170.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-10302/selinux-policy-3.10.0-170.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-170.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Very bizar, the bugreporter send me here, it is supposedly fixed in fedora17 and I am running fedora18: [root@cal-26 ~]# cat /etc/*release Fedora release 18 (Spherical Cow) NAME=Fedora VERSION="18 (Spherical Cow)" ID=fedora VERSION_ID=18 PRETTY_NAME="Fedora 18 (Spherical Cow)" ANSI_COLOR="0;34" CPE_NAME="cpe:/o:fedoraproject:fedora:18" Fedora release 18 (Spherical Cow) Fedora release 18 (Spherical Cow) [root@cal-26 ~]#
Joost Does restorecon -R -v ~/ Fix any labels in your homedir?