Description of problem: Run sudo dracut -f SELinux is preventing /usr/sbin/ldconfig from 'write' accesses on the fifo_file . ***** Plugin leaks (86.2 confidence) suggests ***************************** If you want to ignore ldconfig trying to write access the fifo_file, because you believe it should not need this access. Then you should report this as a bug. You can generate a local policy module to dontaudit this access. Do # grep /usr/sbin/ldconfig /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp ***** Plugin catchall (14.7 confidence) suggests ************************** If you believe that ldconfig should be allowed write access on the fifo_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep ldconfig /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context staff_u:sysadm_r:ldconfig_t:s0-s0:c0.c1023 Target Context staff_u:object_r:user_tmp_t:s0 Target Objects [ fifo_file ] Source ldconfig Source Path /usr/sbin/ldconfig Port <Unknown> Host (removed) Source RPM Packages glibc-2.18-12.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-166.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.14.4-200.t440p.fc20.x86_64 #1 SMP PREEMPT Tue May 27 17:49:35 CST 2014 x86_64 x86_64 Alert Count 2 First Seen 2014-05-30 09:13:59 CST Last Seen 2014-05-30 09:16:26 CST Local ID c37b53e8-e178-4187-9c08-073f4d04f9dd Raw Audit Messages type=AVC msg=audit(1401407186.907:724): avc: denied { write } for pid=31198 comm="ldconfig" path="/var/tmp/dracut-log.MmJNgX/systemd-cat" dev="dm-8" ino=357475438 scontext=staff_u:sysadm_r:ldconfig_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:user_tmp_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1401407186.907:724): arch=x86_64 syscall=execve success=yes exit=0 a0=255fb80 a1=24758d0 a2=260eb10 a3=8 items=1 ppid=22820 pid=31198 auid=1343600009 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm=ldconfig exe=/usr/sbin/ldconfig subj=staff_u:sysadm_r:ldconfig_t:s0-s0:c0.c1023 key=(null) type=CWD msg=audit(1401407186.907:724): cwd=/ type=PATH msg=audit(1401407186.907:724): item=0 name=/usr/sbin/ldconfig inode=16809845 dev=fd:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ldconfig_exec_t:s0 nametype=NORMAL Hash: ldconfig,ldconfig_t,user_tmp_t,fifo_file,write Additional info: reporter: libreport-2.2.2 hashmarkername: setroubleshoot kernel: 3.14.4-200.t440p.fc20.x86_64 type: libreport
selinux-policy-3.12.1-167.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-167.fc20
Package selinux-policy-3.12.1-167.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-167.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-7240/selinux-policy-3.12.1-167.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-171.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-171.fc20
Package selinux-policy-3.12.1-171.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-171.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-7499/selinux-policy-3.12.1-171.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-171.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.