Description of problem: SELinux is preventing dhclient-script from 'execute' accesses on the file /usr/libexec/chrony-helper. ***** Plugin catchall (100. confidence) suggests ************************** If si crede che dhclient-script dovrebbe avere possibilità di accesso execute sui chrony-helper file in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep dhclient-script /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:dhcpc_t:s0 Target Context system_u:object_r:chronyd_exec_t:s0 Target Objects /usr/libexec/chrony-helper [ file ] Source dhclient-script Source Path dhclient-script Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages chrony-2.1.1-1.fc22.x86_64 Policy RPM selinux-policy-3.13.1-128.10.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.0-0.rc5.git2.1.fc24.x86_64 #1 SMP Wed Aug 5 15:05:13 UTC 2015 x86_64 x86_64 Alert Count 3 First Seen 2015-08-22 18:06:11 CEST Last Seen 2015-08-23 09:41:12 CEST Local ID c3338c78-2cdb-4f92-9e3f-3b8014de9cdc Raw Audit Messages type=AVC msg=audit(1440315672.691:540): avc: denied { execute } for pid=2233 comm="dhclient-script" name="chrony-helper" dev="dm-1" ino=350677 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:chronyd_exec_t:s0 tclass=file permissive=0 Hash: dhclient-script,dhcpc_t,chronyd_exec_t,file,execute Version-Release number of selected component: selinux-policy-3.13.1-128.10.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.0-0.rc5.git2.1.fc24.x86_64 type: libreport
commit 85dbf965f1001b836249240fffbde332012bc776 Author: Lukas Vrabec <lvrabec> Date: Thu Aug 27 11:17:52 2015 +0200 Allow dhcpc_t domain transition to chronyd_t
selinux-policy-3.13.1-128.13.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-15798
selinux-policy-3.13.1-128.13.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15798
selinux-policy-3.13.1-128.13.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.