This has appeared the past two mornings. The initial triggering event
was probably the last kernel update:
Dec 16 08:59:09 Installed: kernel-3.6.10-2.fc17.x86_64
**********************************
SELinux is preventing /usr/bin/df from getattr access on the directory
/sys/kernel/config.
***** Plugin restorecon (99.5 confidence) suggests
*************************
If you want to fix the label.
/sys/kernel/config default label should be sysfs_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /sys/kernel/config
***** Plugin catchall (1.49 confidence) suggests
***************************
If you believe that df should be allowed getattr access on the config
directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep df /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:logwatch_t:s0-s0:c0.c1023
Target Context system_u:object_r:configfs_t:s0
Target Objects /sys/kernel/config [ dir ]
Source df
Source Path /usr/bin/df
Port <Unknown>
Host sds-desk-2.sterndata.local
Source RPM Packages coreutils-8.15-9.fc17.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.10.0-161.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name sds-desk-2.sterndata.local
Platform Linux sds-desk-2.sterndata.local
3.6.10-2.fc17.x86_64 #1 SMP Tue Dec 11
18:07:34
UTC 2012 x86_64 x86_64
Alert Count 1
First Seen 2012-12-18 03:33:03 CST
Last Seen 2012-12-18 03:33:03 CST
Local ID 9f9df328-2e36-4b38-8e5b-ec1ee816c1e1
Raw Audit Messages
type=AVC msg=audit(1355823183.154:493): avc: denied { getattr } for
pid=31684 comm="df" path="/sys/kernel/config" dev="configfs"
ino=9139
scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023
tcontext=system_u:object_r:configfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1355823183.154:493): arch=x86_64 syscall=stat
success=yes exit=0 a0=1078340 a1=7ffff0c48b90 a2=7ffff0c48b90
a3=3eb5b2f360 items=0 ppid=31683 pid=31684 auid=0 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=54 comm=df
exe=/usr/bin/df subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
Hash: df,logwatch_t,configfs_t,dir,getattr
audit2allow
#============= logwatch_t ==============
allow logwatch_t configfs_t:dir getattr;
audit2allow -R
#============= logwatch_t ==============
allow logwatch_t configfs_t:dir getattr;
--
-- Steve