new selinux alert on F19

Saturday, 15 June 2013

Hi all!

I've been running F19 (alpha and now beta) on my Acer Aspire One D255E
netbook for a few weeks now.

just today when I booted up I got this alert I've not gotten before.
I know how to teach selinux not to alert for that, but I don't know if
it's an action that SHOULD be allowed or not.

It also give another alert, apparently at boot, for complaining that
/usr/sbin/lightdm tried to create file .dmrc.0GT8WW, presumably in
my home directory, though it didn't explicitly say.

Wondering if these are bugs/features introduced in recent updates...

I'd appreciate advice on what to do here.

thanks!

Fred
              - - - - - - - - - - - - - - -

The alert says:

	   The source process: /usr/libexec/accounts/daemon
	Attempted this access: read
	    on this directory: /var/log

Here's the "details" output:

SELinux is preventing /usr/libexec/accounts-daemon from read access on the directory
/var/log.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that accounts-daemon should be allowed read access on the log directory by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep accounts-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:accountsd_t:s0
Target Context                system_u:object_r:var_log_t:s0
Target Objects                /var/log [ dir ]
Source                        accounts-daemon
Source Path                   /usr/libexec/accounts-daemon
Port                          <Unknown>
Host                          aspirebox
Source RPM Packages           accountsservice-0.6.34-1.fc19.x86_64
Target RPM Packages           filesystem-3.2-10.fc19.x86_64
Policy RPM                    selinux-policy-3.12.1-48.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     aspirebox
Platform                      Linux aspirebox 3.9.5-301.fc19.x86_64 #1 SMP Tue
                              Jun 11 19:39:38 UTC 2013 x86_64 x86_64
Alert Count                   3948
First Seen                    2013-06-14 13:49:29 EDT
Last Seen                     2013-06-15 12:16:19 EDT
Local ID                      eaab0b0b-7b1c-4823-90eb-5dd00ff0ca7a

Raw Audit Messages
type=AVC msg=audit(1371312979.299:646): avc:  denied  { read } for  pid=399
comm="accounts-daemon" name="log" dev="sda6" ino=2883620
scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:var_log_t:s0
tclass=dir

type=SYSCALL msg=audit(1371312979.299:646): arch=x86_64 syscall=inotify_add_watch
success=no exit=EACCES a0=8 a1=7f09d8b4ad00 a2=1002fce a3=0 items=0 ppid=1 pid=399
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295
tty=(none) comm=accounts-daemon exe=/usr/libexec/accounts-daemon
subj=system_u:system_r:accountsd_t:s0 key=(null)

Hash: accounts-daemon,accountsd_t,var_log_t,dir,read

-- 
---- Fred Smith -- fredex(a)fcshome.stoneham.ma.us -----------------------------
   "For the word of God is living and active. Sharper than any double-edged 
   sword, it penetrates even to dividing soul and spirit, joints and marrow; 
              it judges the thoughts and attitudes of the heart."  
---------------------------- Hebrews 4:12 (niv) ------------------------------