# semodule -l | grep avahi avahi 1.7.0 for logging all the denials: # echo 0 > /selinux/enforce type=1404 audit(1211298124.103:766): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 # run_init /etc/init.d/avahi-daemon start Authenticating root. Password: * Service avahi-daemon starting * Service avahi-daemon started type=1400 audit(1211298174.871:767): avc: denied { setattr } for pid=23611 comm="avahi-daemon" name="avahi-daemon" dev=md3 ino=17335972 scontext=user_u:system_r:avahi_t tcontext=user_u:object_r:var_run_t tclass=dir warning: `avahi-daemon' uses 32-bit capabilities (legacy support in use) type=1400 audit(1211298174.965:768): avc: denied { create } for pid=23611 comm="avahi-daemon" name="socket" scontext=user_u:system_r:avahi_t tcontext=user_u:object_r:var_run_t tclass=sock_file and within the enforced mode it doesn't work: # echo 1 > /selinux/enforce # run_init /etc/init.d/avahi-daemon stop Authenticating root. Password: * Service avahi-daemon stopping * Service avahi-daemon stopped # run_init /etc/init.d/avahi-daemon start Authenticating root. Password: * Service avahi-daemon starting [ !! ] * ERROR: avahi-daemon failed to start Reproducible: Always # emerge --info * Overlay eclasses override eclasses from PORTDIR: * * '/usr/portage/local/layman/java-gcj-overlay/eclass/java-osgi.eclass' * '/usr/portage/local/layman/java-gcj-overlay/eclass/java-pkg-2.eclass' * '/usr/portage/local/layman/java-gcj-overlay/eclass/java-pkg-opt-2.eclass' * '/usr/portage/local/layman/java-gcj-overlay/eclass/java-utils-2.eclass' * '/usr/overlay/eclass/mercurial.eclass' * * It is best to avoid overridding eclasses from PORTDIR because it will * trigger invalidation of cached ebuild metadata that is distributed with * the portage tree. If you must override eclasses from PORTDIR then you * are advised to run `emerge --regen` after each time that you run `emerge * --sync`. Set PORTAGE_ECLASS_WARNING_ENABLE="0" in /etc/make.conf if you * would like to disable this warning. Portage 2.1.4.4 (selinux/2007.0/x86, gcc-4.2.2, glibc-2.6.1-r0, 2.6.25_port4 i686) ================================================================= System uname: 2.6.25_port4 i686 Intel(R) Pentium(R) M processor 2.00GHz Timestamp of tree: Mon, 19 May 2008 19:00:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [disabled] app-shells/bash: 3.2_p17-r1 dev-java/java-config: 1.3.7, 2.1.6 dev-lang/python: 2.4.4-r9, 2.5.1-r4 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.23-r3 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O1 -pipe -g -ggdb" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O1 -pipe -g -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks loadpolicy metadata-transfer nostrip parallel-fetch sandbox selinux sesandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="en_US.utf8" LC_ALL="en_US.utf8" LINGUAS="en en_GB en_US" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/pro-audio /usr/portage/local/layman/sunrise /usr/portage/local/layman/custom-kernels /usr/portage/local/layman/java-overlay /usr/portage/local/layman/java-gcj-overlay /usr/portage/local/layman/zugaina /usr/portage/local/layman/springlobby /usr/overlay /usr/overlay" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="7zip X a52 aac acpi adns aiglx alsa amr apache2 asf bash-completion berkdb bl blender-game bluetooth branding cdda cddb cdparanoia chardet clearcase cli contrarius cracklib cran crypt css cups cvs dbus dga dia divx dri dts dv dvb dvd dvdnav dvdr dvdread editor effects enca encode examples exif expat fam fat ffmpeg firefox flac foomaticdb fping fuse gcj gdbm gif gimp gimpprint glsa gmedia gmp gnutls gpm gstreamer gtk hfs httpd iconv ieee1394 imagemagick inkjar inquisitio irmc isdnlog jabber jfs jpeg jpeg2k kde kerberos kqemu lcms ldap libnotify lzo mad maps matroska midi mikmod mjpeg mmx mmxext mng modplug mp2 mp3 mp4 mpi mplayer mudflap musepack ncurses nfs nptl nptlonly nsplugin ntfs ofa ogg openal openexr openmp p2p pam pcre perforce perl php plugin png pnm postscript ppds pppd python qa qt3 quicktime quotas readline realmedia reflection reiser4 reiserfs rt2500pci rtc rtsp samba sasl scenarios sdl selinux session skins slang sox speex spell spl srteam sse sse2 ssl stream subtitles subversion svg swat tga theora tiff timidity tordns truetype tta unicode usb v4l vcd vidx vlm vorbis wavpack wifi wma wmf wmp wxwindows x86 xanim xfs xine xml xorg xprint xv xvid xvmc yahoo yv12 zlib zrtp zsh" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="access auth auth_dbm auth_anon auth_digest alias file-cache echo charset-lite cache disk-cache mem-cache ext-filter case_filter case-filter-in deflate mime-magic cern-meta expires headers usertrack unique-id proxy proxy-connect proxy-ftp proxy-http info include cgi cgid dav dav-fs vhost-alias speling rewrite log_config logio env setenvif mime status autoindex asis negotiation dir imap actions userdir so filter unique_id authz_host" ELIBC="glibc" INPUT_DEVICES="wacom evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_GB en_US" USERLAND="GNU" VIDEO_CARDS="radeon" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
looks like a labeling problem; restorecon -R /var/run/avahi-daemon
should be fixed in 2.x policy. please reopen if this is not the case.