Göran Uddeborg writes: > I retriggered it, and attach the mail setroubleshoot sent me. It looked wierd in my mail client when I got it back. I'm not sure why, and if its buggy when reading or when writing. Just in case, I reran sealert and include the output below. Summary: SELinux is preventing ln (user_t) "link" to ./30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473 (var_lib_t). Detailed Description: SELinux denied access requested by ln. It is not expected that this access is required by ln and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473, restorecon -v './30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context user_u:user_r:user_t Target Context system_u:object_r:var_lib_t Target Objects ./30392D30342D3132202D20535654312056C3A473746E7974 74202D204D65726C696E202D20427269747469736B74206661 6E746173796472616D615F2044656C2031332061762031335F 2056C3A46E736B61705F206C6F6A616C69746574206F636820 6B2E7473 [ file ] Source ln Source Path /bin/ln Port <Unknown> Host mimmi Source RPM Packages coreutils-6.12-18.fc10 Target RPM Packages Policy RPM selinux-policy-3.5.13-58.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name mimmi Platform Linux mimmi 2.6.27.12-170.2.5.fc10.x86_64 #1 SMP Wed Jan 21 01:33:24 EST 2009 x86_64 x86_64 Alert Count 1 First Seen Mon May 18 20:00:13 2009 Last Seen Mon May 18 20:00:13 2009 Local ID d6ad3700-432a-4dd7-b574-46275e4d1e24 Line Numbers Raw Audit Messages node=mimmi type=AVC msg=audit(1242669613.397:1336): avc: denied { link } for pid=26061 comm="ln" name=30392D30342D3132202D20535654312056C3A473746E797474202D204D65726C696E202D20427269747469736B742066616E746173796472616D615F2044656C2031332061762031335F2056C3A46E736B61705F206C6F6A616C69746574206F6368206B2E7473 dev=dm-0 ino=3276854 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file node=mimmi type=SYSCALL msg=audit(1242669613.397:1336): arch=c000003e syscall=86 success=no exit=-13 a0=7fff3f37982a a1=7fff3f3798a4 a2=0 a3=7fff3f378380 items=0 ppid=25807 pid=26061 auid=920 uid=920 gid=924 euid=920 suid=920 fsuid=920 egid=924 sgid=924 fsgid=924 tty=tty2 ses=10 comm="ln" exe="/bin/ln" subj=user_u:user_r:user_t:s0 key=(null) -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
