Hello All, I have a NTFS partition mounted by fstab at boot time on my F11 system. Recently I have been getting screeds and screeds of AVCs each time updatedb runs (daily) - See below for an example. A bit of googling revealed Bug 549602 https://bugzilla.redhat.com/show_bug.cgi?id=549602 which seems similar. Although fixed, it relates to F12. Unless I have missed something (quite probable) I can't see a similar fix for F11. My questions are therefore: 1) Is there a similar fix for F11? 2) Will that solve my problem? 3) If not, what should I do? I am running: selinux-policy-targeted-3.6.12-92.fc11.noarch selinux-policy-3.6.12-92.fc11.noarch Thanks in advance Mark ======================8<================================================= Summary: SELinux is preventing updatedb (locate_t) "read" fusefs_t. Detailed Description: SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:locate_t:s0-s0:c0.c1023 Target Context system_u:object_r:fusefs_t:s0 Target Objects /mnt/ntfs/Users/Mark/Cookies [ lnk_file ] Source updatedb Source Path /usr/bin/updatedb Port <Unknown> Host localhost.localdomain Source RPM Packages mlocate-0.22-1 Target RPM Packages Policy RPM selinux-policy-3.6.12-92.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30.10-105.fc11.i686.PAE #1 SMP Thu Dec 24 16:41:17 UTC 2009 i686 i686 Alert Count 3 First Seen Mon 11 Jan 2010 09:22:03 GMT Last Seen Wed 13 Jan 2010 08:27:02 GMT Local ID f5c7a401-052c-4149-b79c-d5bef7725b9d Line Numbers Raw Audit Messages node=localhost.localdomain type=AVC msg=audit(1263371222.110:58): avc: denied { read } for pid=4574 comm="updatedb" name="Cookies" dev=sda3 ino=86736 scontext=system_u:system_r:locate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file node=localhost.localdomain type=SYSCALL msg=audit(1263371222.110:58): arch=40000003 syscall=12 success=no exit=-13 a0=8e1e6f9 a1=bfcd3510 a2=bfcd36f4 a3=bfcd3510 items=0 ppid=4568 pid=4574 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0-s0:c0.c1023 key=(null) -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
