Description of problem: I encountered this - and ~20 of other similar problems - while Abrt was collecting info for another bug report SELinux is preventing gpg2 from 'write' accesses on the directory /root. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gpg2 should be allowed write access on the root directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep gpg2 /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:fwupd_t:s0-s0:c0.c1023 Target Context system_u:object_r:admin_home_t:s0 Target Objects /root [ dir ] Source gpg2 Source Path gpg2 Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages filesystem-3.2-37.fc24.x86_64 Policy RPM selinux-policy-3.13.1-176.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.5.0-0.rc7.git0.2.fc24.x86_64 #1 SMP Tue Mar 8 02:20:08 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-03-10 22:39:56 CET Last Seen 2016-03-10 22:39:56 CET Local ID 86eb7411-d5e6-40ef-bd5e-3137929dd975 Raw Audit Messages type=AVC msg=audit(1457645996.510:339): avc: denied { write } for pid=2274 comm="gpg2" name="root" dev="vda3" ino=263 scontext=system_u:system_r:fwupd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir permissive=1 Hash: gpg2,fwupd_t,admin_home_t,dir,write Version-Release number of selected component: selinux-policy-3.13.1-176.fc24.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.5.0-0.rc7.git0.2.fc24.x86_64 type: libreport
Proposed as a Blocker for 24-final by Fedora user juliuxpigface using the blocker tracking app because: I've also encountered these issues (~ 20 denials) after installing the Fedora 24 Alpha 1.1 compose. So... The bug seems to violate the "2.4.4 SELinux and crash notifications" F24 Final Criterion. "There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop." Link: https://fedoraproject.org/wiki/Fedora_24_Final_Release_Criteria#SELinux_and_crash_notifications
*** Bug 1317295 has been marked as a duplicate of this bug. ***
*** Bug 1317061 has been marked as a duplicate of this bug. ***
*** Bug 1304008 has been marked as a duplicate of this bug. ***
selinux-policy-3.13.1-179.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f142bb969
selinux-policy-3.13.1-179.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f142bb969
selinux-policy-3.13.1-179.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.