Re: gconf alert

Here are the latest ones from F8.

I'll reboot to F9 beta and send those also.

Valent.

-- 
http://kernelreloaded.blog385.com/
linux, blog, anime, spirituality, windsurf, wireless
registered as user #367004 with the Linux Counter, http://counter.li.org.
ICQ: 2125241, Skype: valent.turkovic

Summary:

SELinux is preventing gconfd-2 from creating a file with a context of
unlabeled_t on a filesystem.

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux is preventing gconfd-2 from creating a file with a context of
unlabeled_t on a filesystem. Usually this happens when you ask the cp command to
maintain the context of a file when copying between file systems, "cp -a" for
example. Not all file contexts should be maintained between the file systems.
For example, a read-only file type like iso9660_t should not be placed on a r/w
system. "cp -P" might be a better solution, as this will adopt the default file
context for the destination.

Allowing Access:

Use a command like "cp -P" to preserve all permissions except SELinux context.

Additional Information:

Source Context                unconfined_u:object_r:unlabeled_t:s0
Target Context                system_u:object_r:fs_t:s0
Target Objects                saved_state.tmp [ filesystem ]
Source                        gconfd-2
Source Path                   /usr/libexec/gconfd-2
Port                          <Unknown>
Host                          valent.oswireless
Source RPM Packages           GConf2-2.20.1-1.fc8
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-93.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   filesystem_associate
Host Name                     valent.oswireless
Platform                      Linux valent.oswireless 2.6.24.3-34.fc8 #1 SMP Wed
                              Mar 12 18:17:20 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Sat 22 Mar 2008 08:55:28 AM CET
Last Seen                     Sat 22 Mar 2008 08:55:28 AM CET
Local ID                      a99f93ec-fbdf-4beb-a85c-fc340a1a687b
Line Numbers                  

Raw Audit Messages            

host=valent.oswireless type=AVC msg=audit(1206172528.330:148): avc:  denied  { associate } for  pid=2571 comm="gconfd-2" name="saved_state.tmp" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem

host=valent.oswireless type=SYSCALL msg=audit(1206172528.330:148): arch=40000003 syscall=5 success=yes exit=62 a0=8ee47d0 a1=241 a2=1c0 a3=8c8e130 items=0 ppid=1 pid=2571 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)


Summary:

SELinux is preventing gconfd-2 from creating a file with a context of
unlabeled_t on a filesystem.

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux is preventing gconfd-2 from creating a file with a context of
unlabeled_t on a filesystem. Usually this happens when you ask the cp command to
maintain the context of a file when copying between file systems, "cp -a" for
example. Not all file contexts should be maintained between the file systems.
For example, a read-only file type like iso9660_t should not be placed on a r/w
system. "cp -P" might be a better solution, as this will adopt the default file
context for the destination.

Allowing Access:

Use a command like "cp -P" to preserve all permissions except SELinux context.

Additional Information:

Source Context                unconfined_u:object_r:unlabeled_t:s0
Target Context                system_u:object_r:fs_t:s0
Target Objects                %gconf.xml.new [ filesystem ]
Source                        gconfd-2
Source Path                   /usr/libexec/gconfd-2
Port                          <Unknown>
Host                          valent.oswireless
Source RPM Packages           GConf2-2.20.1-1.fc8
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-93.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   filesystem_associate
Host Name                     valent.oswireless
Platform                      Linux valent.oswireless 2.6.24.3-34.fc8 #1 SMP Wed
                              Mar 12 18:17:20 EDT 2008 i686 i686
Alert Count                   4
First Seen                    Fri 21 Mar 2008 09:25:05 PM CET
Last Seen                     Sat 22 Mar 2008 11:29:00 AM CET
Local ID                      59be503c-e098-4c10-9e91-d226a159ebdb
Line Numbers                  

Raw Audit Messages            

host=valent.oswireless type=AVC msg=audit(1206181740.396:176): avc:  denied  { associate } for  pid=2571 comm="gconfd-2" name="%gconf.xml.new" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem

host=valent.oswireless type=SYSCALL msg=audit(1206181740.396:176): arch=40000003 syscall=5 success=yes exit=64 a0=8ee4c78 a1=41 a2=180 a3=8ec1d30 items=0 ppid=1 pid=2571 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gconfd-2" exe="/usr/libexec/gconfd-2" subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
