Description of problem:
I saw this every time the system boots.

SELinux is preventing systemd-tmpfile from using the 'sys_admin' capabilities.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemd-tmpfile should have the sys_admin capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep systemd-tmpfile /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:systemd_tmpfiles_t:s0
Target Context                system_u:system_r:systemd_tmpfiles_t:s0
Target Objects                Unknown [ capability ]
Source                        systemd-tmpfile
Source Path                   systemd-tmpfile
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-152.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.2.5-300.fc23.x86_64 #1 SMP Tue Oct 27 04:29:56 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-11-09 07:52:54 MYT
Last Seen                     2015-11-09 07:52:54 MYT
Local ID                      c0ab07d2-6ccd-4c40-a803-50ef2e4fae4d

Raw Audit Messages
type=AVC msg=audit(1447026774.146:637): avc: denied { sys_admin } for pid=3080 comm="systemd-tmpfile" capability=21 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=0

Hash: systemd-tmpfile,systemd_tmpfiles_t,systemd_tmpfiles_t,capability,sys_admin

Version-Release number of selected component:
selinux-policy-3.13.1-152.fc23.noarch

Additional info:
reporter:       libreport-2.6.3
hashmarkername: setroubleshoot
kernel:         4.2.5-300.fc23.x86_64
type:           libreport

Potential duplicate: bug 984981
https://github.com/fedora-selinux/selinux-policy/commit/229a3478b788f1aadb4645c6f6260fdd7164e9b7
selinux-policy-3.13.1-155.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f
selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update selinux-policy'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f
selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.