+++ This bug was initially created as a clone of Bug #1264493 +++ Description of problem: New user login as admin and new connection on mobile device hotspot SELinux is preventing rhsmd from 'write' accesses on the directory /sys/fs/fuse/connections. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /sys/fs/fuse/connections default label should be sysfs_t. Then you can run restorecon. Do # /sbin/restorecon -v /sys/fs/fuse/connections ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that rhsmd should be allowed write access on the connections directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep rhsmd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:rhsmcertd_t:s0-s0:c0.c1023 Target Context system_u:object_r:fusefs_t:s0 Target Objects /sys/fs/fuse/connections [ dir ] Source rhsmd Source Path rhsmd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-105.20.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.0.4-201.fc21.x86_64 #1 SMP Thu May 21 15:58:47 UTC 2015 x86_64 x86_64 Alert Count 4 First Seen 2015-09-18 17:10:08 CEST Last Seen 2015-09-18 17:10:08 CEST Local ID f18d7145-2c07-4e80-83da-32db79d6998f Raw Audit Messages type=AVC msg=audit(1442589008.143:1222): avc: denied { write } for pid=20949 comm="rhsmd" name="/" dev="fusectl" ino=1 scontext=system_u:system_r:rhsmcertd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=0 Hash: rhsmd,rhsmcertd_t,fusefs_t,dir,write Version-Release number of selected component: selinux-policy-3.13.1-105.20.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-201.fc21.x86_64 type: libreport --- Additional comment from David Poulsen on 2015-09-21 15:33:45 EDT --- Description of problem: Reboot after software updates and installatino Version-Release number of selected component: selinux-policy-3.13.1-105.20.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 4.0.4-201.fc21.x86_64 type: libreport --- Additional comment from Miroslav Grepl on 2015-10-12 07:21:07 EDT --- You can allow it using # grep rhsmcertd_t /var/log/audit/audit.log |audit2allow -M mypol # semodule -i mypol.pp to make it working on F21. If we see it on F22+ we will fix it in the policy. Thank you.
setroubleshoot plugin does a wrong job here. The problem is with filesystem labeling and we should exclude it.
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
https://github.com/fedora-selinux/setroubleshoot/commit/82a6f1cdf716513d63b3908ebe419eaf077bd74d
setroubleshoot-plugins-3.3.6-1.fc24 setroubleshoot-3.3.11-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f674585532
setroubleshoot-plugins-3.3.6-1.fc23 setroubleshoot-3.3.11-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbabb907e
setroubleshoot-3.3.11-1.fc24, setroubleshoot-plugins-3.3.6-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f674585532
setroubleshoot-3.3.11-1.fc23, setroubleshoot-plugins-3.3.6-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbabb907e
setroubleshoot-3.3.11-1.fc24, setroubleshoot-plugins-3.3.6-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
setroubleshoot-3.3.11-1.fc23, setroubleshoot-plugins-3.3.6-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.