On Fri, 2009-07-10 at 16:28 -0500, Robert Nichols wrote:
When trying to set a new default for Power Management Preferences:
Detailed Description:
SELinux denied access requested by gconf-defaults-. It is not expected that this access is required by gconf-defaults- and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 Target Context system_u:object_r:security_t:s0 Target Objects mls [ file ] Source gconf-defaults- Source Path /usr/libexec/gconf-defaults-mechanism Port <Unknown> Host omega-3p.local Source RPM Packages GConf2-2.26.2-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-53.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name omega-3p.local Platform Linux omega-3p.local 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16 23:11:39 EDT 2009 i686 i686 Alert Count 2 First Seen Fri 10 Jul 2009 04:20:11 PM CDT Last Seen Fri 10 Jul 2009 04:20:11 PM CDT Local ID de1d32d5-dded-47ec-9eb5-9dc8167a8685 Line Numbers
Raw Audit Messages
node=omega-3p.local type=AVC msg=audit(1247260811.959:37): avc: denied { read } for pid=3541 comm="gconf-defaults-" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file
node=omega-3p.local type=AVC msg=audit(1247260811.959:37): avc: denied { open } for pid=3541 comm="gconf-defaults-" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file
node=omega-3p.local type=SYSCALL msg=http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.6.12/65.fc11/noa...): arch=40000003 syscall=5 success=yes exit=3 a0=bfd414e8 a1=8000 a2=0 a3=bfd414e8 items=0 ppid=3540 pid=3541 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gconf-defaults-" exe="/usr/libexec/gconf-defaults-mechanism" subj=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 key=(null)
This issue should be resolved in latest policy:
rpm -Uvh http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.6.12/65.fc11/noa... http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.6.12/65.fc11/noa...