Description of problem:
This happened shortly after logging into an xfce4 session as staff_u.

SELinux is preventing /usr/bin/gpg-agent from 'create' accesses on the sock_file S.gpg-agent.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that gpg-agent should be allowed create access on the S.gpg-agent sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep gpg-agent /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023
Target Context                staff_u:object_r:user_home_t:s0
Target Objects                S.gpg-agent [ sock_file ]
Source                        gpg-agent
Source Path                   /usr/bin/gpg-agent
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           gnupg2-2.0.19-7.fc18.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.11.1-98.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.11-200.fc18.x86_64 #1 SMP Mon Jul 22 21:04:50 UTC 2013 x86_64 x86_64
Alert Count                   5
First Seen                    2013-07-23 18:31:19 PDT
Last Seen                     2013-07-29 10:46:06 PDT
Local ID                      87a1a57f-a70d-4ee5-97dc-0d0cea63ad22

Raw Audit Messages
type=AVC msg=audit(1375119966.464:345): avc: denied { create } for pid=1552 comm="gpg-agent" name="S.gpg-agent" scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:user_home_t:s0 tclass=sock_file

type=SYSCALL msg=audit(1375119966.464:345): arch=x86_64 syscall=bind success=no exit=EACCES a0=5 a1=18e6ba0 a2=21 a3=6e items=0 ppid=1538 pid=1552 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 ses=1 tty=(none) comm=gpg-agent exe=/usr/bin/gpg-agent subj=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 key=(null)

Hash: gpg-agent,gpg_agent_t,user_home_t,sock_file,create

audit2allow

#============= gpg_agent_t ==============
allow gpg_agent_t user_home_t:sock_file create;

audit2allow -R
require {
	type gpg_agent_t;
}

#============= gpg_agent_t ==============
userdom_manage_user_home_content_sockets(gpg_agent_t)

Additional info:
reporter:       libreport-2.1.5
hashmarkername: setroubleshoot
kernel:         3.9.11-200.fc18.x86_64
type:           libreport
Does restorecon -R -v ~/.gnupg fix any labels?
Lots of them. Shall we close this until (if?) I can reproduce it with the right labels?
That is what caused your problem. You might want to go to a higher level. restorecon -R -v /home