AVC for df from logwatch

This has appeared the past two mornings. The initial triggering event was probably the last kernel update: Dec 16 08:59:09 Installed: kernel-3.6.10-2.fc17.x86_64 ********************************** SELinux is preventing /usr/bin/df from getattr access on the directory /sys/kernel/config. ***** Plugin restorecon (99.5 confidence) suggests ************************* If you want to fix the label. /sys/kernel/config default label should be sysfs_t. Then you can run restorecon. Do # /sbin/restorecon -v /sys/kernel/config ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that df should be allowed getattr access on the config directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep df /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:logwatch_t:s0-s0:c0.c1023 Target Context system_u:object_r:configfs_t:s0 Target Objects /sys/kernel/config [ dir ] Source df Source Path /usr/bin/df Port <Unknown> Host sds-desk-2.sterndata.local Source RPM Packages coreutils-8.15-9.fc17.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-161.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name sds-desk-2.sterndata.local Platform Linux sds-desk-2.sterndata.local 3.6.10-2.fc17.x86_64 #1 SMP Tue Dec 11 18:07:34 UTC 2012 x86_64 x86_64 Alert Count 1 First Seen 2012-12-18 03:33:03 CST Last Seen 2012-12-18 03:33:03 CST Local ID 9f9df328-2e36-4b38-8e5b-ec1ee816c1e1 Raw Audit Messages type=AVC msg=audit(1355823183.154:493): avc: denied { getattr } for pid=31684 comm="df" path="/sys/kernel/config" dev="configfs" ino=9139 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:configfs_t:s0 tclass=dir type=SYSCALL msg=audit(1355823183.154:493): arch=x86_64 syscall=stat success=yes exit=0 a0=1078340 a1=7ffff0c48b90 a2=7ffff0c48b90 a3=3eb5b2f360 items=0 ppid=31683 pid=31684 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=54 comm=df exe=/usr/bin/df subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null) Hash: df,logwatch_t,configfs_t,dir,getattr audit2allow #============= logwatch_t ============== allow logwatch_t configfs_t:dir getattr; audit2allow -R #============= logwatch_t ============== allow logwatch_t configfs_t:dir getattr; -- -- Steve