Bug 1956086
| Summary: | SELinux is preventing mktemp from using the dac_read_search capability. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora Modules | Reporter: | Jeff <sandhillsinvestment> | ||||
| Component: | setools | Assignee: | Vit Mojzis <vmojzis> | ||||
| Status: | CLOSED DEFERRED | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | unspecified | CC: | sandhillsinvestment, vmojzis | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | --- | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2021-11-23 02:06:49 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Closed due to EOL fedora 33. error has mostly cleared in later versions. |
Created attachment 1778609 [details] The SELinux error Description of problem: SELinux gave me the above message with this suggested action in the details. "Turn on full auditing # auditctl -w /etc/shadow -p w Try to recreate AVC. Then execute # ausearch -m avc -ts recent If you see PATH record check ownership/permissions on file, and fix it, otherwise report as a bugzilla." I followed the suggested steps with this result. "[root@eagle lib]# auditctl -w /etc/shadow -p w [root@eagle lib]# ausearch -m avc -ts recent <no matches>" Version-Release number of selected component (if applicable): 4.3.0-5.fc33 How reproducible: wait and the report returns Steps to Reproduce: 1. Uncertain since the error appears automatically. 2. 3. Actual results: SELinux error appears at about 3:45 AM local time Expected results: No SELinux errors Additional info: My system is running with SELinux in permissive mode, and is daily updated. This error has appeared many times in the past several days. I have to keep clearing the alerts.