Description of problem:
Start privoxy with systemctl start privoxy. An SELinux alert will pop up telling you that it denied privoxy write access on the file privoxy.pid. The result will be that the feature that allows you to configure privoxy from your web browser won't work. Instead of an edit button, it just says "No write access.".

SELinux is preventing /usr/sbin/privoxy from 'write' accesses on the file privoxy.pid.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that privoxy should be allowed write access on the privoxy.pid file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep privoxy /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:privoxy_t:s0
Target Context                unconfined_u:object_r:var_run_t:s0
Target Objects                privoxy.pid [ file ]
Source                        privoxy
Source Path                   /usr/sbin/privoxy
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           privoxy-3.0.21-3.fc19.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.4-301.fc19.x86_64 #1 SMP Tue Jun 4 00:30:04 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-06-10 08:07:01 EDT
Last Seen                     2013-06-10 08:07:01 EDT
Local ID                      72869093-419b-48d9-a587-4541e6936583

Raw Audit Messages
type=AVC msg=audit(1370866021.517:576): avc: denied { write } for pid=2096 comm="privoxy" name="privoxy.pid" dev="tmpfs" ino=23938 scontext=system_u:system_r:privoxy_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file

type=SYSCALL msg=audit(1370866021.517:576): arch=x86_64 syscall=open success=no exit=EACCES a0=7fb32c5ea010 a1=241 a2=1b6 a3=7fb32bccfa10 items=0 ppid=2095 pid=2096 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=privoxy exe=/usr/sbin/privoxy subj=system_u:system_r:privoxy_t:s0 key=(null)

Hash: privoxy,privoxy_t,var_run_t,file,write

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.9.4-301.fc19.x86_64
type:           libreport

I see

# systemctl start privoxy.service
# ls -lZ /var/run/privoxy.pid
-rw-r--r--. root root system_u:object_r:privoxy_var_run_t:s0 /var/run/privoxy.pid

Execute

# restorecon -v /var/run/privoxy.pid