Description of problem: SELinux is preventing /usr/lib/udisks2/udisksd from 'rename' accesses on the file Maxtor-6L100M0-L21Q178G.conf.YQK20W. ***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow udisksd to have rename access on the Maxtor-6L100M0-L21Q178G.conf.YQK20W file Then you need to change the label on Maxtor-6L100M0-L21Q178G.conf.YQK20W Do # semanage fcontext -a -t FILE_TYPE 'Maxtor-6L100M0-L21Q178G.conf.YQK20W' where FILE_TYPE is one of the following: device_t, devicekit_tmp_t, devicekit_var_lib_t, devicekit_var_run_t, svirt_image_t, virt_content_t, virt_image_t, xen_image_t. Then execute: restorecon -v 'Maxtor-6L100M0-L21Q178G.conf.YQK20W' ***** Plugin catchall (17.1 confidence) suggests *************************** If you believe that udisksd should be allowed rename access on the Maxtor-6L100M0-L21Q178G.conf.YQK20W file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep pool /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:devicekit_disk_t:s0 Target Context system_u:object_r:etc_t:s0 Target Objects Maxtor-6L100M0-L21Q178G.conf.YQK20W [ file ] Source pool Source Path /usr/lib/udisks2/udisksd Port <Unknown> Host (removed) Source RPM Packages udisks2-2.0.1-3.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-98.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.9.11-200.fc18.x86_64 #1 SMP Mon Jul 22 21:04:50 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-08-04 16:52:46 PDT Last Seen 2013-08-04 16:52:46 PDT Local ID efec6792-954d-4451-a610-fef1329a2e07 Raw Audit Messages type=AVC msg=audit(1375660366.462:329): avc: denied { rename } for pid=2537 comm="pool" name="Maxtor-6L100M0-L21Q178G.conf.YQK20W" dev="dm-0" ino=3015816 scontext=system_u:system_r:devicekit_disk_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file type=SYSCALL msg=audit(1375660366.462:329): arch=x86_64 syscall=rename success=yes exit=0 a0=7f74e402c950 a1=7f74e404d200 a2=7f74e4000078 a3=6f656d6954796264 items=0 ppid=1 pid=2537 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=pool exe=/usr/lib/udisks2/udisksd subj=system_u:system_r:devicekit_disk_t:s0 key=(null) Hash: pool,devicekit_disk_t,etc_t,file,rename audit2allow #============= devicekit_disk_t ============== allow devicekit_disk_t etc_t:file rename; audit2allow -R require { type devicekit_disk_t; } #============= devicekit_disk_t ============== files_manage_etc_files(devicekit_disk_t) Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.9.11-200.fc18.x86_64 type: libreport Potential duplicate: bug 976929
*** Bug 991842 has been marked as a duplicate of this bug. ***
#============= devicekit_disk_t ============== #!!!! This avc is allowed in the current policy allow devicekit_disk_t etc_t:file rename;