Dear list(s), currently running Rawhide and setroubleshoot browser fires up with a denial Summary SELinux is preventing /usr/sbin/semodule (semanage_t) "getattr" to / (security_t). Detailed Description SELinux denied access requested by /usr/sbin/semodule. It is not expected that this access is required by /usr/sbin/semodule and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context user_u:system_r:semanage_t Target Context system_u:object_r:security_t Target Objects / [ filesystem ] Affected RPM Packages policycoreutils-2.0.2-3.fc7 [application]filesystem-2.4.2-1.fc7 [target] Policy RPM selinux-policy-2.5.4-1.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name localhost Platform Linux localhost 2.6.20-1.2949.fc7 #1 SMP Mon Feb 26 18:37:35 EST 2007 i686 athlon Alert Count 1 First Seen Wed 04 Apr 2007 06:46:19 AM CDT Last Seen Wed 04 Apr 2007 06:46:19 AM CDT Local ID 32e2ac76-301c-4f3f-b971-e8b7da4fff73 Line Numbers Raw Audit Messages avc: denied { getattr } for comm="semodule" dev=selinuxfs egid=0 euid=0 exe="/usr/sbin/semodule" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=8883 scontext=user_u:system_r:semanage_t:s0 sgid=0 subj=user_u:system_r:semanage_t:s0 suid=0 tclass=filesystem tcontext=system_u:object_r:security_t:s0 tty=pts1 uid=0 Summary SELinux is preventing /usr/sbin/useradd (useradd_t) "read write" to faillog (var_log_t). Detailed Description SELinux denied access requested by /usr/sbin/useradd. It is not expected that this access is required by /usr/sbin/useradd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for faillog, restorecon -v faillog If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context user_u:system_r:useradd_t Target Context system_u:object_r:var_log_t Target Objects faillog [ file ] Affected RPM Packages shadow-utils-4.0.18.1-13.fc7 [application] Policy RPM selinux-policy-2.5.12-5.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name localhost Platform Linux localhost 2.6.20-1.3088.fc7 #1 SMP Wed Apr 18 15:12:44 EDT 2007 i686 athlon Alert Count 1 First Seen Thu 19 Apr 2007 06:19:42 PM CDT Last Seen Thu 19 Apr 2007 06:19:42 PM CDT Local ID 2eacf14b-bf35-4d12-bb8e-13e35aeaaf6a Line Numbers Raw Audit Messages avc: denied { read, write } for comm="useradd" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/useradd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="faillog" pid=3370 scontext=user_u:system_r:useradd_t:s0 sgid=0 subj=user_u:system_r:useradd_t:s0 suid=0 tclass=file tcontext=system_u:object_r:var_log_t:s0 tty=pts0 uid=0 Thanks for any help/suggestions on this. Regards, Antonio __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list