Description of problem: SELinux is preventing /usr/libexec/gconf-defaults-mechanism from 'read' accesses on the file /etc/passwd. ***** Plugin catchall (100. confidence) suggests *************************** If вы считаете, что gconf-defaults-mechanism следует разрешить доступ read к passwd file по умолчанию. Then рекомендуется создать отчет об ошибке. Чтобы разрешить доступ, можно создать локальный модуль политики. Do чтобы разрешить доступ, выполните: # grep gconf-defaults- /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 Target Context system_u:object_r:passwd_file_t:s0 Target Objects /etc/passwd [ file ] Source gconf-defaults- Source Path /usr/libexec/gconf-defaults-mechanism Port <Неизвестно> Host (removed) Source RPM Packages GConf2-3.2.5-3.fc17.i686 Target RPM Packages setup-2.8.48-1.fc17.noarch Policy RPM selinux-policy-3.10.0-170.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.8-100.fc17.i686 #1 SMP Thu Jun 27 19:56:32 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-07-13 23:24:44 MSK Last Seen 2013-07-13 23:24:44 MSK Local ID dda02761-1f48-47f7-b9cf-e4267a98bb11 Raw Audit Messages type=AVC msg=audit(1373743484.894:113): avc: denied { read } for pid=3815 comm="gconf-defaults-" name="passwd" dev="sda3" ino=188722 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1373743484.894:113): arch=i386 syscall=open success=no exit=EACCES a0=b6ce0ed5 a1=80000 a2=1b6 a3=9975700 items=0 ppid=1 pid=3815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=gconf-defaults- exe=/usr/libexec/gconf-defaults-mechanism subj=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 key=(null) Hash: gconf-defaults-,gconfdefaultsm_t,passwd_file_t,file,read audit2allow #============= gconfdefaultsm_t ============== allow gconfdefaultsm_t passwd_file_t:file read; audit2allow -R #============= gconfdefaultsm_t ============== allow gconfdefaultsm_t passwd_file_t:file read; Additional info: hashmarkername: setroubleshoot kernel: 3.9.8-100.fc17.i686 type: libreport
selinux-policy-3.10.0-171.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-171.fc17
Package selinux-policy-3.10.0-171.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-171.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-13082/selinux-policy-3.10.0-171.fc17 then log in and leave karma (feedback).
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.