Description of problem: On every boot dnssec-trigger-skript receives a "Permission denied" when trying to backup /etc/resolv.conf. SELinux is preventing dnssec-trigger- from 'create' accesses on the lnk_file resolv.conf.backup. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es dnssec-trigger- standardmässig erlaubt sein sollte, create Zugriff auf resolv.conf.backup lnk_file zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep dnssec-trigger- /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:dnssec_trigger_t:s0 Target Context system_u:object_r:dnssec_trigger_var_run_t:s0 Target Objects resolv.conf.backup [ lnk_file ] Source dnssec-trigger- Source Path dnssec-trigger- Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.7-300.fc23.x86_64 #1 SMP Wed Dec 9 22:28:30 UTC 2015 x86_64 x86_64 Alert Count 31 First Seen 2015-12-01 09:17:06 CET Last Seen 2015-12-18 13:40:08 CET Local ID 8828f383-23b6-46e4-abfa-e1316d362e56 Raw Audit Messages type=AVC msg=audit(1450442408.514:163): avc: denied { create } for pid=1146 comm="dnssec-trigger-" name="resolv.conf.backup" scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:dnssec_trigger_var_run_t:s0 tclass=lnk_file permissive=0 Hash: dnssec-trigger-,dnssec_trigger_t,dnssec_trigger_var_run_t,lnk_file,create Version-Release number of selected component: selinux-policy-3.13.1-158.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.7-300.fc23.x86_64 type: libreport
https://github.com/fedora-selinux/selinux-policy/commit/63db73dd80e6e54972b5b2461a683ba828d77c63
selinux-policy-3.13.1-158.2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7cb7ac5cb9
selinux-policy-3.13.1-158.2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7cb7ac5cb9
selinux-policy-3.13.1-158.2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.