Description of problem:
SELinux is preventing /usr/bin/ln from 'create' accesses on the lnk_file kernel-3.9.6-200.fc18.x86_64-x86_64.

***** Plugin catchall_labels (83.8 confidence) suggests ********************

If you want to allow ln to have create access on the kernel-3.9.6-200.fc18.x86_64-x86_64 lnk_file
Then you need to change the label on kernel-3.9.6-200.fc18.x86_64-x86_64
Do
# semanage fcontext -a -t FILE_TYPE 'kernel-3.9.6-200.fc18.x86_64-x86_64'
where FILE_TYPE is one of the following: apcupsd_lock_t, apmd_lock_t, automount_lock_t, bluetooth_lock_t, condor_var_lock_t, cupsd_lock_t, denyhosts_var_lock_t, device_t, dirsrv_var_lock_t, dirsrvadmin_lock_t, drbd_lock_t, etc_aliases_t, etc_t, fenced_lock_t, fonts_t, ftpd_lock_t, getty_lock_t, httpd_lock_t, initrc_state_t, initrc_tmp_t, ipsec_mgmt_lock_t, iscsi_lock_t, krb5kdc_lock_t, likewise_pstore_lock_t, local_login_lock_t, locale_t, lockdev_lock_t, logrotate_lock_t, logwatch_lock_t, lvm_lock_t, mailman_lock_t, mandb_lock_t, mrtg_lock_t, pkcsslotd_lock_t, pki_ra_lock_t, pki_tomcat_lock_t, pki_tps_lock_t, postgresql_db_t, postgresql_lock_t, pppd_lock_t, qpidd_var_run_t, rhsmcertd_lock_t, ricci_modstorage_lock_t, semanage_read_lock_t, semanage_trans_lock_t, shorewall_lock_t, slapd_lock_t, svc_svc_t, system_cronjob_lock_t, tmpfs_t, uucpd_lock_t, var_lock_t, var_run_t, virt_cache_t, virt_lock_t, xdm_lock_t.
Then execute:
restorecon -v 'kernel-3.9.6-200.fc18.x86_64-x86_64'

***** Plugin catchall (17.1 confidence) suggests ***************************

If you believe that ln should be allowed create access on the kernel-3.9.6-200.fc18.x86_64-x86_64 lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep ln /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:system_r:initrc_t:s0
Target Context                unconfined_u:object_r:var_lib_t:s0
Target Objects                kernel-3.9.6-200.fc18.x86_64-x86_64 [ lnk_file ]
Source                        ln
Source Path                   /usr/bin/ln
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           coreutils-8.17-8.fc18.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.11.1-97.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 3.9.6-200.fc18.x86_64 #1 SMP Thu Jun 13 18:56:55 UTC 2013 x86_64 x86_64
Alert Count                   2
First Seen                    2013-06-21 19:50:49 PDT
Last Seen                     2013-06-21 19:51:10 PDT
Local ID                      ba4dcb20-fec7-4efd-a712-dcd8f10407fe

Raw Audit Messages
type=AVC msg=audit(1371869470.403:420): avc: denied { create } for pid=6789 comm="ln" name="kernel-3.9.6-200.fc18.x86_64-x86_64" scontext=unconfined_u:system_r:initrc_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=lnk_file

type=SYSCALL msg=audit(1371869470.403:420): arch=x86_64 syscall=symlink success=yes exit=0 a0=7fff45681707 a1=7fff4568172b a2=0 a3=a items=0 ppid=6660 pid=6789 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=2 tty=pts0 comm=ln exe=/usr/bin/ln subj=unconfined_u:system_r:initrc_t:s0 key=(null)

Hash: ln,initrc_t,var_lib_t,lnk_file,create

audit2allow

#============= initrc_t ==============
allow initrc_t var_lib_t:lnk_file create;

audit2allow -R
require {
	type initrc_t;
}

#============= initrc_t ==============
files_manage_var_lib_symlinks(initrc_t)

Additional info:
reporter: libreport-2.1.5
hashmarkername: setroubleshoot
kernel: 3.9.6-200.fc18.x86_64
type: libreport

Potential duplicate: bug 976939

*** This bug has been marked as a duplicate of bug 976939 ***