SELinux is preventing restorecon (restorecon_t) "read write" to socket (rpm_t).
Bug #651516 reported by
Jeff Johnson
Bug watches keep track of this bug in other bug trackers.
Summary:
SELinux is preventing restorecon (restorecon_t) "read write" to socket (rpm_t).
Detailed Description:
SELinux denied access requested by restorecon. It is not expected that this
access is required by restorecon and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ fedora. redhat. com/docs/ selinux- faq-fc5/ #id2961385) Or you can disable bugzilla. redhat. com/bugzilla/ enter_bug. cgi)
(http://
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://
against this package.
Additional Information:
Source Context root:system_ r:restorecon_ t:SystemLow- SystemHigh r:rpm_t: SystemLow- SystemHigh -1.33.12- 14.el5 policy- 2.4.6-137. 1.el5
2.6.18- 92.el5xen #1 SMP Tue Jun 10 19:20:18 EDT
2008 x86_64 x86_64 b644-45be- 8ceb-dab3fd0d8c 37
Target Context root:system_
Target Objects socket [ tcp_socket ]
Source restorecon
Source Path /sbin/restorecon
Port <Unknown>
Host x
Source RPM Packages policycoreutils
Target RPM Packages
Policy RPM selinux-
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name x
Platform Linux x
Alert Count 7
First Seen Sat 04 Oct 2008 07:38:52 PM EDT
Last Seen Sat 04 Oct 2008 08:00:41 PM EDT
Local ID 23b41dee-
Line Numbers
Raw Audit Messages
host=x type=AVC msg=audit( 1223164841. 253:104) : avc: denied { read write } for pid=12341 comm="restorecon" path="socket: [79114] " dev=sockfs ino=79114 scontext= root:system_ r:restorecon_ t:s0-s0: c0.c1023 tcontext= root:system_ r:rpm_t: s0-s0:c0. c1023 tclass=tcp_socket
host=x type=AVC msg=audit( 1223164841. 253:104) : avc: denied { read write } for pid=12341 comm="restorecon" path="socket: [79127] " dev=sockfs ino=79127 scontext= root:system_ r:restorecon_ t:s0-s0: c0.c1023 tcontext= root:system_ r:rpm_t: s0-s0:c0. c1023 tclass=tcp_socket
host=x type=AVC msg=audit( 1223164841. 253:104) : avc: denied { read write } for pid=12341 comm="restorecon" path="socket: [79134] " dev=sockfs ino=79134 scontext= root:system_ r:restorecon_ t:s0-s0: c0.c1023 tcontext= root:system_ r:rpm_t: s0-s0:c0. c1023 tclass=tcp_socket
host=x type=AVC msg=audit( 1223164841. 253:104) : avc: denied { read write } for pid=12341 comm="restorecon" path="socket: [79142] " dev=sockfs ino=79142 scontext= root:system_ r:restorecon_ t:s0-s0: c0.c1023 tcontext= root:system_ r:rpm_t: s0-s0:c0. c1023 tclass=tcp_socket
host=x type=AVC msg=audit( 1223164841. 253:104) : avc: denied { write } for pid=12341 comm="restorecon" path="/ var/lib/ yum/transaction -done.2008- 10-04.19: 38.55" dev=dm-0 ino=119298...