Description of problem: SELinux is preventing /usr/bin/certutil from 'write' accesses on the directory /etc/pki/ca-trust/source. ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que certutil devrait être autorisé à accéder write sur source directory par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep certutil /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:certwatch_t:s0-s0:c0.c1023 Target Context system_u:object_r:cert_t:s0 Target Objects /etc/pki/ca-trust/source [ dir ] Source certutil Source Path /usr/bin/certutil Port <Inconnu> Host (removed) Source RPM Packages nss-tools-3.15.1-2.fc20.x86_64 Target RPM Packages ca-certificates-2013.1.94-15.fc20.noarch Policy RPM selinux-policy-3.12.1-66.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.11.0-0.rc0.git3.1.fc20.x86_64 #1 SMP Tue Jul 9 21:34:37 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-07-25 03:48:03 CEST Last Seen 2013-07-25 03:48:03 CEST Local ID 6f6cd76f-8e1a-4a41-bd84-fb917a38518f Raw Audit Messages type=AVC msg=audit(1374716883.536:1481): avc: denied { write } for pid=9801 comm="certutil" name="source" dev="dm-0" ino=529312 scontext=system_u:system_r:certwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cert_t:s0 tclass=dir type=SYSCALL msg=audit(1374716883.536:1481): arch=x86_64 syscall=access success=yes exit=0 a0=abdc40 a1=2 a2=0 a3=7fffa55c70c0 items=0 ppid=9800 pid=9801 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=59 tty=(none) comm=certutil exe=/usr/bin/certutil subj=system_u:system_r:certwatch_t:s0-s0:c0.c1023 key=(null) Hash: certutil,certwatch_t,cert_t,dir,write Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.11.0-0.rc0.git3.1.fc20.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 988208 ***