Description of problem: SELinux is preventing systemd-hostnam from 'open' accesses on the file /proc/xen/capabilities. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es systemd-hostnam standardmässig erlaubt sein sollte, open Zugriff auf capabilities file zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep systemd-hostnam /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:systemd_hostnamed_t:s0 Target Context system_u:object_r:xenfs_t:s0 Target Objects /proc/xen/capabilities [ file ] Source systemd-hostnam Source Path systemd-hostnam Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.1.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.0.5-300.fc22.x86_64 #1 SMP Mon Jun 8 16:15:26 UTC 2015 x86_64 x86_64 Alert Count 12 First Seen 2015-06-15 14:20:32 CEST Last Seen 2015-06-15 20:47:11 CEST Local ID 5d8c7a21-8ed6-4e01-9c88-7dbadee7a06d Raw Audit Messages type=AVC msg=audit(1434394031.205:1168): avc: denied { open } for pid=12086 comm="systemd-hostnam" path="/proc/xen/capabilities" dev="xenfs" ino=3 scontext=system_u:system_r:systemd_hostnamed_t:s0 tcontext=system_u:object_r:xenfs_t:s0 tclass=file permissive=1 Hash: systemd-hostnam,systemd_hostnamed_t,xenfs_t,file,open Version-Release number of selected component: selinux-policy-3.13.1-128.1.fc22.noarch Additional info: reporter: libreport-2.6.0 hashmarkername: setroubleshoot kernel: 4.0.5-300.fc22.x86_64 type: libreport Potential duplicate: bug 1202330
Description of problem: Start Fedora 22 with xen Version-Release number of selected component: selinux-policy-3.13.1-128.16.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.10-200.fc22.x86_64 type: libreport
selinux-policy-3.13.1-128.19.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-5fab64b918
selinux-policy-3.13.1-128.19.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-5fab64b918
selinux-policy-3.13.1-128.20.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9
selinux-policy-3.13.1-128.20.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-f396e330d9
selinux-policy-3.13.1-128.21.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966
selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bbd3df966
selinux-policy-3.13.1-128.21.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.