Description of problem: On clean boot SELinux is preventing (coredump) from 'mounton' accesses on the directory /etc. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow (coredump) to have mounton access on the etc directory Then l'étiquette sur /etc doit être modifiée. Do # semanage fcontext -a -t FILE_TYPE '/etc' où FILE_TYPE est l'une des valeurs suivantes : admin_home_t, anon_inodefs_t, audit_spool_t, auditd_log_t, autofs_t, automount_tmp_t, bacula_store_t, binfmt_misc_fs_t, boot_t, capifs_t, cgroup_t, cifs_t, debugfs_t, default_t, device_t, devpts_t, dnssec_t, dosfs_t, ecryptfs_t, efivarfs_t, fusefs_t, home_root_t, hugetlbfs_t, ifconfig_var_run_t, init_var_run_t, initrc_tmp_t, iso9660_t, kdbusfs_t, mail_spool_t, mnt_t, mqueue_spool_t, named_conf_t, news_spool_t, nfs_t, nfsd_fs_t, openshift_tmp_t, openshift_var_lib_t, oracleasmfs_t, proc_t, proc_xen_t, pstore_t, public_content_rw_t, public_content_t, ramfs_t, random_seed_t, removable_t, root_t, rpc_pipefs_t, security_t, spufs_t, src_t, svirt_sandbox_file_t, sysctl_fs_t, sysctl_t, sysfs_t, sysv_t, tmp_t, tmpfs_t, unlabeled_t, usbfs_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_t, virt_image_t, virt_var_lib_t, vmblock_t, vxfs_t, xend_var_lib_t, xend_var_run_t, xenfs_t, xenstored_var_lib_t. Puis exécutez : restorecon -v '/etc' ***** Plugin catchall (17.1 confidence) suggests ************************** If vous pensez que (coredump) devrait être autorisé à accéder mounton sur etc directory par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep (coredump) /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:etc_t:s0 Target Objects /etc [ dir ] Source (coredump) Source Path (coredump) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages filesystem-3.2-37.fc24.x86_64 Policy RPM selinux-policy-3.13.1-175.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.5.0-0.rc5.git0.2.fc24.x86_64 #1 SMP Thu Feb 25 11:01:39 UTC 2016 x86_64 x86_64 Alert Count 95 First Seen 2016-02-25 13:02:40 CET Last Seen 2016-02-28 12:03:57 CET Local ID b7886ce6-d338-465a-acc3-fcc36c5c9347 Raw Audit Messages type=AVC msg=audit(1456657437.157:349): avc: denied { mounton } for pid=1933 comm="(coredump)" path="/etc" dev="dm-0" ino=654082 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 Hash: (coredump),init_t,etc_t,dir,mounton Version-Release number of selected component: selinux-policy-3.13.1-175.fc24.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc5.git0.2.fc24.x86_64 type: libreport Potential duplicate: bug 1311532
*** This bug has been marked as a duplicate of bug 1311532 ***