Description of problem: SELinux is preventing sh from 'execute_no_trans' accesses on the file /usr/libexec/pcp/bin/pmcpp. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sh should be allowed execute_no_trans access on the pmcpp file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sh /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:pcp_pmlogger_t:s0-s0:c0.c1023 Target Context system_u:object_r:bin_t:s0 Target Objects /usr/libexec/pcp/bin/pmcpp [ file ] Source sh Source Path sh Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages pcp-3.10.6-1.fc22.x86_64 Policy RPM selinux-policy-3.13.1-128.12.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.1.6-200.fc22.x86_64 #1 SMP Mon Aug 17 19:54:31 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-09-01 00:10:13 ART Last Seen 2015-09-01 00:10:13 ART Local ID 7a51cbf1-45a9-40b0-a984-d78bb23e31ef Raw Audit Messages type=AVC msg=audit(1441077013.143:11121): avc: denied { execute_no_trans } for pid=2477 comm="sh" path="/usr/libexec/pcp/bin/pmcpp" dev="dm-1" ino=1498737 scontext=system_u:system_r:pcp_pmlogger_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0 Hash: sh,pcp_pmlogger_t,bin_t,file,execute_no_trans Version-Release number of selected component: selinux-policy-3.13.1-128.12.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-200.fc22.x86_64 type: libreport
commit c81e5c74a20cfe31b543982f7cf5fa57eed29d76 Author: Lukas Vrabec <lvrabec> Date: Fri Oct 9 14:09:58 2015 +0200 Allow pcp_pmlogger to exec bin_t BZ(#1258698)
selinux-policy-3.13.1-128.18.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-946cd8d690
selinux-policy-3.13.1-128.18.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-946cd8d690
selinux-policy-3.13.1-128.18.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.