Hi, I'm getting the following denial on a fully updated Centos 5.3 system with ( selinux-policy-2.4.6-203.el5.noarch ) Summary: SELinux is preventing semodule (semanage_t) "getattr" to / (fs_t). Detailed Description: SELinux denied access requested by semodule. It is not expected that this access is required by semodule and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context root:system_r:semanage_t:SystemLow-SystemHigh Target Context system_u:object_r:fs_t Target Objects / [ filesystem ] Source semodule Source Path <Unknown> Port <Unknown> Host a.b.c.d Source RPM Packages Target RPM Packages filesystem-2.4.0-2.el5.centos Policy RPM selinux-policy-2.4.6-203.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name a.b.c.d Platform Linux a.b.c.d 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:10:25 EDT 2009 x86_64 x86_64 Alert Count 1 First Seen Thu Apr 23 08:53:08 2009 Last Seen Thu Apr 23 08:53:08 2009 Local ID 227642bc-dd66-4a04-bcad-13c3d52e5e63 Line Numbers Raw Audit Messages host=a.b.c.d type=AVC msg=audit(1240473188.358:3149): avc: denied { getattr } for pid=29325 comm="semodule" name="/" dev=sda5 ino=2 scontext=root:system_r:semanage_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem I can generate local policy but is that the best solution Regards, Tony -- Dept. of Comp. Sci. University of Limerick. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
