Bug 1956086
Summary: | SELinux is preventing mktemp from using the dac_read_search capability. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora Modules | Reporter: | Jeff <sandhillsinvestment> | ||||
Component: | setools | Assignee: | Vit Mojzis <vmojzis> | ||||
Status: | CLOSED DEFERRED | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | unspecified | CC: | sandhillsinvestment, vmojzis | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | --- | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2021-11-23 02:06:49 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Closed due to EOL fedora 33. error has mostly cleared in later versions. |
Created attachment 1778609 [details] The SELinux error Description of problem: SELinux gave me the above message with this suggested action in the details. "Turn on full auditing # auditctl -w /etc/shadow -p w Try to recreate AVC. Then execute # ausearch -m avc -ts recent If you see PATH record check ownership/permissions on file, and fix it, otherwise report as a bugzilla." I followed the suggested steps with this result. "[root@eagle lib]# auditctl -w /etc/shadow -p w [root@eagle lib]# ausearch -m avc -ts recent <no matches>" Version-Release number of selected component (if applicable): 4.3.0-5.fc33 How reproducible: wait and the report returns Steps to Reproduce: 1. Uncertain since the error appears automatically. 2. 3. Actual results: SELinux error appears at about 3:45 AM local time Expected results: No SELinux errors Additional info: My system is running with SELinux in permissive mode, and is daily updated. This error has appeared many times in the past several days. I have to keep clearing the alerts.