Description of problem: Did create a backup to copy essential system data there, using command cp -a /sys /run/media/klaus/Bigdisk2/Backup_Fedora19 that did render lots of error messages at shell prompt and did call Selinux to alarm, preventing /usr/bin/cp from 'associate' accesses on the filesystem pstore. Think that Selinux preventing 'associate' accesses to filesystem is well done but error messages to cp -a sys disturbing. Want to get this to solution quick. SELinux is preventing /usr/bin/cp from 'associate' accesses on the filesystem pstore. ***** Plugin catchall (100. confidence) suggests *************************** If sie denken, dass es cp standardmässig erlaubt sein sollte, associate Zugriff auf pstore filesystem zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep cp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:object_r:pstorefs_t:s0 Target Context system_u:object_r:fs_t:s0 Target Objects pstore [ filesystem ] Source cp Source Path /usr/bin/cp Port <Unbekannt> Host (removed) Source RPM Packages coreutils-8.21-11.fc19.i686 Target RPM Packages Policy RPM selinux-policy-3.12.1-47.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.4-300.fc19.i686.PAE #1 SMP Fri May 24 23:19:44 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-06-03 07:51:44 CEST Last Seen 2013-06-03 07:51:44 CEST Local ID 53cf1390-ed0c-4559-b022-58ea2dc1e0a3 Raw Audit Messages type=AVC msg=audit(1370238704.595:540): avc: denied { associate } for pid=2578 comm="cp" name="pstore" scontext=system_u:object_r:pstorefs_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem type=SYSCALL msg=audit(1370238704.595:540): arch=i386 syscall=mkdir success=no exit=EACCES a0=94c4190 a1=1c0 a2=8069000 a3=0 items=0 ppid=2376 pid=2578 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=pts0 comm=cp exe=/usr/bin/cp subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) Hash: cp,pstorefs_t,fs_t,filesystem,associate Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.4-300.fc19.i686.PAE type: libreport
Basically cp -a is attempting to preserve SELinux labels from /sys to a file system, and policy says that these labeles like pstorefs_t is not allowed to be written on a real file system. Use -p instead and you should work fine.