Sažetak:

SELinux is preventing updatedb (locate_t) "search" to / (unlabeled_t).

Detaljan opis:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux denied access requested by updatedb. It is not expected that this access
is required by updatedb and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Dopuštanje pristupa:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /,

restorecon -v '/'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Dodatni podaci:

Izvorni kontekst              system_u:system_r:locate_t:s0
Ciljani kontekst              system_u:object_r:unlabeled_t:s0
Ciljani objekti               / [ dir ]
Source                        updatedb
Source Path                   /usr/bin/updatedb
Port                          <Nepoznato>
Host                          valent.oswireless
Source RPM Packages           mlocate-0.18-1
Target RPM Packages           filesystem-2.4.11-1.fc8
RPM pravila                   selinux-policy-3.0.8-93.fc8
Selinux je omogućen          True
Vrsta pravila                 targeted
MLS je omogućen              True
Način prisile                Permissive
Naziv dodatka                 catchall_file
Naziv računala               valent.oswireless
Platforma                     Linux valent.oswireless 2.6.24.3-34.fc8 #1 SMP Wed
                              Mar 12 18:17:20 EDT 2008 i686 i686
Broj uzbuna                   1
First Seen                    Pon 17 Ožu 2008 10:15:48
Last Seen                     Pon 17 Ožu 2008 10:15:48
Local ID                      10c13adf-7cc2-4be6-a443-a32cabfffa96
Brojevi redaka                

Sirova poruke revizije        

host=valent.oswireless type=AVC msg=audit(1205745348.737:58): avc:  denied  { search } for  pid=11206 comm="updatedb" name="/" dev=loop0 ino=2 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

host=valent.oswireless type=SYSCALL msg=audit(1205745348.737:58): arch=40000003 syscall=12 success=yes exit=0 a0=87b8d31 a1=8000 a2=bfedcb40 a3=87b8d31 items=0 ppid=11200 pid=11206 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)