Since I was watching /var/log/messages prior to my latest yum update and didn't see these messages, I'm pretty sure it's fairly new. The below message in /var/log/messages is repeated about once every 5 seconds "forever", so it's kind of annoying.

Jun 13 11:49:21 vhost-16 setroubleshoot: SELinux is preventing accounts-daemon from read access on the directory /var/log. For complete SELinux messages. run sealert -l 9136c1d3-62c2-4567-9d4f-80f28866858c

root@vhost-16 /home/laine>sealert -l 9136c1d3-62c2-4567-9d4f-80f28866858c
SELinux is preventing accounts-daemon from read access on the directory /var/log.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that accounts-daemon should be allowed read access on the log directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log [ dir ]
Source                        accounts-daemon
Source Path                   accounts-daemon
Port                          <Unknown>
Host                          vhost-16.laine.org
Source RPM Packages
Target RPM Packages           filesystem-3.2-10.fc19.x86_64
Policy RPM                    selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     vhost-16.laine.org
Platform                      Linux vhost-16.laine.org 3.9.5-301.fc19.x86_64 #1 SMP Tue Jun 11 19:39:38 UTC 2013 x86_64 x86_64
Alert Count                   92
First Seen                    2013-06-13 11:43:28 EDT
Last Seen                     2013-06-13 11:49:36 EDT
Local ID                      9136c1d3-62c2-4567-9d4f-80f28866858c

Raw Audit Messages
type=AVC msg=audit(1371138576.672:506): avc: denied { read } for pid=542 comm="accounts-daemon" name="log" dev="dm-0" ino=18350117 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir

Jun 13 11:49:21 vhost-16 setroubleshoot: SELinux is preventing accounts-daemon from read access on the directory /var/log. For complete SELinux messages. run sealert -l 9136c1d3-62c2-4567-9d4f-80f28866858c
^C
root@vhost-16 /home/laine>ps -AlF | grep accounts-daemon
4 S root 542 1 0 80 0 - 91591 poll_s 3368 0 11:43 ? 00:00:00 /usr/libexec/accounts-daemon
0 S root 2809 2631 0 80 0 - 28162 pipe_w 880 3 11:49 pts/0 00:00:00 grep --color=auto accounts-daemon
root@vhost-16 /home/laine>sealert -l 9136c1d3-62c2-4567-9d4f-80f28866858c
SELinux is preventing accounts-daemon from read access on the directory /var/log.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that accounts-daemon should be allowed read access on the log directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log [ dir ]
Source                        accounts-daemon
Source Path                   accounts-daemon
Port                          <Unknown>
Host                          vhost-16.laine.org
Source RPM Packages
Target RPM Packages           filesystem-3.2-10.fc19.x86_64
Policy RPM                    selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     vhost-16.laine.org
Platform                      Linux vhost-16.laine.org 3.9.5-301.fc19.x86_64 #1 SMP Tue Jun 11 19:39:38 UTC 2013 x86_64 x86_64
Alert Count                   92
First Seen                    2013-06-13 11:43:28 EDT
Last Seen                     2013-06-13 11:49:36 EDT
Local ID                      9136c1d3-62c2-4567-9d4f-80f28866858c

Raw Audit Messages
type=AVC msg=audit(1371138576.672:506): avc: denied { read } for pid=542 comm="accounts-daemon" name="log" dev="dm-0" ino=18350117 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir

Hash: accounts-daemon,accountsd_t,var_log_t,dir,read
Same here. I'm seeing one entry added to /var/log/messages every 4 seconds and 10% CPU load servicing the fallout from this SELinux denial.

2013-06-13T21:59:04.071296-07:00 arbol setroubleshoot: SELinux is preventing /usr/libexec/accounts-daemon from read access on the directory /var/log. For complete SELinux messages. run sealert -l 14b2e316-045a-4ee4-a2b9-8defd3d61f01
2013-06-13T21:59:08.076532-07:00 arbol setroubleshoot: SELinux is preventing /usr/libexec/accounts-daemon from read access on the directory /var/log. For complete SELinux messages. run sealert -l 14b2e316-045a-4ee4-a2b9-8defd3d61f01
2013-06-13T21:59:12.076820-07:00 arbol setroubleshoot: SELinux is preventing /usr/libexec/accounts-daemon from read access on the directory /var/log. For complete SELinux messages. run sealert -l 14b2e316-045a-4ee4-a2b9-8defd3d61f01
2013-06-13T21:59:16.064170-07:00 arbol setroubleshoot: SELinux is preventing /usr/libexec/accounts-daemon from read access on the directory /var/log. For complete SELinux messages. run sealert -l 14b2e316-045a-4ee4-a2b9-8defd3d61f01

SELinux is preventing /usr/libexec/accounts-daemon from read access on the directory /var/log.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that accounts-daemon should be allowed read access on the log directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log [ dir ]
Source                        accounts-daemon
Source Path                   /usr/libexec/accounts-daemon
Port                          <Unknown>
Host                          arbol.wsrcc.com
Source RPM Packages           accountsservice-0.6.34-1.fc19.x86_64
Target RPM Packages           filesystem-3.2-10.fc19.x86_64
Policy RPM                    selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     arbol.wsrcc.com
Platform                      Linux arbol.wsrcc.com 3.9.5-301.fc19.x86_64 #1 SMP Tue Jun 11 19:39:38 UTC 2013 x86_64 x86_64
Alert Count                   44
First Seen                    2013-06-13 22:00:47 PDT
Last Seen                     2013-06-13 22:03:39 PDT
Local ID                      7a43b499-3378-441a-aa12-fac74b372b87

Raw Audit Messages
type=AVC msg=audit(1371186219.313:6320): avc: denied { read } for pid=480 comm="accounts-daemon" name="log" dev="sda3" ino=1445955 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir

type=SYSCALL msg=audit(1371186219.313:6320): arch=x86_64 syscall=inotify_add_watch success=no exit=EACCES a0=7 a1=7f0638b94d10 a2=1002fce a3=0 items=0 ppid=1 pid=480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=accounts-daemon exe=/usr/libexec/accounts-daemon subj=system_u:system_r:accountsd_t:s0 key=(null)

Hash: accounts-daemon,accountsd_t,var_log_t,dir,read
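
Added example, not part of the bug report and not setroubleshoot's own code: a small Python parser that reduces AVC denial records like the ones quoted above to the comm, source type, target type, class, permission key seen in the reports' Hash: line, and counts repeats so that a flood like this one collapses to a single entry. PAGE_AVC is the record quoted in the first report; the other sample lines are constructed, and emitting one key per permission is an assumption of this example.

```python
import re
from collections import defaultdict

AVC_RE = re.compile(r'type=AVC msg=audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+denied\s+'
                    r'\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Parse one AVC denial line; return None for other or truncated records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = dict(FIELD_RE.findall(m.group('fields')))
    try:
        return {
            'ts': float(m.group('ts')),
            'comm': f['comm'].strip('"'),
            'stype': f['scontext'].split(':')[2],   # user:role:TYPE:level
            'ttype': f['tcontext'].split(':')[2],
            'tclass': f['tclass'],
            'perms': m.group('perms').split(),
        }
    except (KeyError, IndexError):
        return None  # a field needed for the key is missing

def summarise(lines):
    """Map 'comm,stype,ttype,tclass,perm' -> (count, seconds from first to last)."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec['perms']:   # assumption: one key per denied permission
            key = ','.join((rec['comm'], rec['stype'], rec['ttype'], rec['tclass'], perm))
            seen[key].append(rec['ts'])
    return {k: (len(ts), round(max(ts) - min(ts), 3)) for k, ts in seen.items()}

# PAGE_AVC is the record quoted in the first report; everything else is constructed.
PAGE_AVC = ('type=AVC msg=audit(1371138576.672:506): avc: denied { read } for pid=542 '
            'comm="accounts-daemon" name="log" dev="dm-0" ino=18350117 '
            'scontext=system_u:system_r:accountsd_t:s0 '
            'tcontext=system_u:object_r:var_log_t:s0 tclass=dir')
SAMPLE = [
    PAGE_AVC,
    PAGE_AVC.replace('1371138576.672:506', '1371138581.672:507'),  # constructed repeat, +5 s
    PAGE_AVC.replace('1371138576.672:506', '1371138586.672:508'),  # constructed repeat, +10 s
    PAGE_AVC.replace('{ read }', '{ read open }').replace('tclass=dir', 'tclass=file'),  # constructed
    'type=SYSCALL msg=audit(1371138586.672:508): arch=x86_64 success=no',  # constructed, not an AVC
    PAGE_AVC.split(' tcontext=')[0],  # constructed: truncated, no target context
]

if __name__ == '__main__':
    for key, (count, span) in sorted(summarise(SAMPLE).items()):
        print(f'{count:3d} denials over {span:5.1f}s  {key}')
```
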
Has been added.
selinux-policy-3.12.1-52.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-52.fc19
Dupe of bug #973849 I guess
selinux-policy-3.12.1-52.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.