Hide Forgot
Description of problem: I just booted my laptop and logged in, then the SELinux denial notification popped up. SELinux is preventing NetworkManager from 'read' accesses on the directory /etc/NetworkManager. ***** Plugin restorecon (94.8 confidence) suggests ************************ If you want to fix the label. /etc/NetworkManager default label should be NetworkManager_etc_t. Then you can run restorecon. Do # /sbin/restorecon -v /etc/NetworkManager ***** Plugin catchall_labels (5.21 confidence) suggests ******************* If you want to allow NetworkManager to have read access on the NetworkManager directory Then you need to change the label on /etc/NetworkManager Do # semanage fcontext -a -t FILE_TYPE '/etc/NetworkManager' where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_initrc_exec_t, NetworkManager_tmp_t, NetworkManager_unit_file_t, NetworkManager_var_lib_t, NetworkManager_var_run_t, abrt_unit_file_t, accountsd_unit_file_t, alsa_home_t, alsa_unit_file_t, amanda_unit_file_t, antivirus_home_t, antivirus_unit_file_t, apcupsd_unit_file_t, apmd_unit_file_t, arpwatch_unit_file_t, audio_home_t, auditd_unit_file_t, auth_home_t, automount_unit_file_t, avahi_unit_file_t, bcfg2_unit_file_t, bin_t, bluetooth_unit_file_t, boinc_unit_file_t, boot_t, brltty_unit_file_t, bumblebee_unit_file_t, cache_home_t, cert_t, cgroup_t, chrome_sandbox_home_t, chronyd_unit_file_t, cinder_api_unit_file_t, cinder_backup_unit_file_t, cinder_scheduler_unit_file_t, cinder_volume_unit_file_t, cloud_init_unit_file_t, cluster_unit_file_t, cockpit_unit_file_t, collectd_unit_file_t, colord_unit_file_t, condor_unit_file_t, config_home_t, conman_unit_file_t, consolekit_unit_file_t, consolekit_var_run_t, couchdb_unit_file_t, crond_unit_file_t, cupsd_unit_file_t, cvs_home_t, data_home_t, dbus_home_t, dbusd_etc_t, debugfs_t, device_t, devpts_t, dhcp_etc_t, dhcpc_state_t, dhcpd_unit_file_t, dirsrvadmin_unit_file_t, dnsmasq_unit_file_t, dnssec_trigger_unit_file_t, etc_runtime_t, etc_t, fetchmail_home_t, file_context_t, firewalld_unit_file_t, fonts_cache_t, fonts_t, freeipmi_bmc_watchdog_unit_file_t, freeipmi_ipmidetectd_unit_file_t, freeipmi_ipmiseld_unit_file_t, ftpd_unit_file_t, gconf_home_t, gear_unit_file_t, getty_unit_file_t, git_user_content_t, gkeyringd_gnome_home_t, glance_api_unit_file_t, glance_registry_unit_file_t, glance_scrubber_unit_file_t, gnome_home_t, gpg_secret_t, gssproxy_unit_file_t, gstreamer_home_t, haproxy_unit_file_t, home_bin_t, home_cert_t, home_root_t, hostapd_unit_file_t, hsqldb_unit_file_t, httpd_unit_file_t, httpd_user_content_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, hypervkvp_unit_file_t, hypervvssd_unit_file_t, icc_data_home_t, iceauth_home_t, init_var_run_t, innd_unit_file_t, iodined_unit_file_t, ipa_otpd_unit_file_t, ipsec_mgmt_unit_file_t, iptables_unit_file_t, irc_home_t, irc_tmp_t, irssi_home_t, iscsi_unit_file_t, jetty_unit_file_t, kdump_unit_file_t, keepalived_unit_file_t, keystone_unit_file_t, kismet_home_t, kmscon_unit_file_t, krb5_home_t, ksmtuned_unit_file_t, ktalkd_unit_file_t, lib_t, local_login_home_t, locale_t, lsmd_unit_file_t, lttng_sessiond_unit_file_t, lvm_unit_file_t, mail_home_rw_t, mail_home_t, man_cache_t, man_t, mandb_home_t, mdadm_unit_file_t, mip6d_unit_file_t, modemmanager_unit_file_t, mongod_unit_file_t, motion_unit_file_t, mozilla_home_t, mpd_home_t, mpd_user_data_t, mplayer_home_t, mysqld_home_t, mysqld_unit_file_t, named_cache_t, named_unit_file_t, net_conf_t, netlabel_mgmt_unit_file_t, neutron_unit_file_t, nfsd_unit_file_t, ninfod_unit_file_t, nis_unit_file_t, nova_unit_file_t, nscd_unit_file_t, nscd_var_run_t, ntpd_unit_file_t, numad_unit_file_t, nut_unit_file_t, oddjob_unit_file_t, openshift_var_lib_t, opensm_unit_file_t, openvpn_etc_t, openvswitch_unit_file_t, openwsman_unit_file_t, pdns_unit_file_t, pesign_unit_file_t, phc2sys_unit_file_t, pkcs11proxyd_unit_file_t, pki_tomcat_unit_file_t, polipo_cache_home_t, polipo_config_home_t, polipo_unit_file_t, postfix_postdrop_t, postgresql_unit_file_t, power_unit_file_t, pppd_unit_file_t, pppd_var_run_t, proc_t, procmail_home_t, prosody_unit_file_t, ptp4l_unit_file_t, pulseaudio_home_t, rabbitmq_unit_file_t, radiusd_unit_file_t, rasdaemon_unit_file_t, rdisc_unit_file_t, redis_unit_file_t, rhev_agentd_unit_file_t, rhnsd_unit_file_t, rlogind_home_t, rngd_unit_file_t, rolekit_unit_file_t, root_t, rpcd_unit_file_t, rpm_var_cache_t, rpm_var_lib_t, rssh_ro_t, rssh_rw_t, rtas_errd_unit_file_t, samba_etc_t, samba_unit_file_t, sandbox_file_t, sanlk_resetd_unit_file_t, sanlock_unit_file_t, screen_home_t, security_t, selinux_config_t, sensord_unit_file_t, shell_exec_t, slapd_unit_file_t, spamc_home_t, speech-dispatcher_home_t, speech-dispatcher_unit_file_t, src_t, ssh_home_t, sshd_keygen_unit_file_t, sshd_unit_file_t, sslh_unit_file_t, sssd_public_t, sssd_unit_file_t, svirt_home_t, svnserve_unit_file_t, swift_unit_file_t, sysfs_t, syslogd_unit_file_t, system_conf_t, system_db_t, systemd_home_t, systemd_logind_sessions_t, systemd_logind_var_run_t, systemd_networkd_unit_file_t, systemd_passwd_var_run_t, systemd_runtime_unit_file_t, systemd_timedated_unit_file_t, systemd_unit_file_t, systemd_vconsole_unit_file_t, targetd_unit_file_t, telepathy_cache_home_t, telepathy_data_home_t, telepathy_gabble_cache_home_t, telepathy_logger_cache_home_t, telepathy_logger_data_home_t, telepathy_mission_control_cache_home_t, telepathy_mission_control_data_home_t, telepathy_mission_control_home_t, telepathy_sunshine_home_t, texlive_home_t, textrel_shlib_t, thumb_home_t, timemaster_unit_file_t, tmp_t, tomcat_unit_file_t, tor_unit_file_t, tvtime_home_t, udev_var_run_t, uml_ro_t, uml_rw_t, usbmuxd_unit_file_t, user_fonts_cache_t, user_fonts_config_t, user_fonts_t, user_home_dir_t, user_home_t, user_tmp_t, usr_t, var_lib_t, var_log_t, var_run_t, virt_content_t, virt_home_t, virtd_unit_file_t, vmtools_unit_file_t, vmware_conf_t, vmware_file_t, wine_home_t, wireshark_home_t, xauth_home_t, xdm_home_t, ypbind_unit_file_t, zebra_unit_file_t, zoneminder_unit_file_t. Then execute: restorecon -v '/etc/NetworkManager' ***** Plugin catchall (1.44 confidence) suggests ************************** If you believe that NetworkManager should be allowed read access on the NetworkManager directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:object_r:unlabeled_t:s0 Target Objects /etc/NetworkManager [ dir ] Source NetworkManager Source Path NetworkManager Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages initscripts-9.65-1.fc23.x86_64 dhcp- client-4.3.3-8.P1.fc23.x86_64 NetworkManager-1.0.10-3.fc23.x86_64 NetworkManager-config-connectivity- fedora-1.0.10-3.fc23.x86_64 Policy RPM selinux-policy-3.13.1-158.11.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.4.6-300.fc23.x86_64 #1 SMP Wed Mar 16 22:10:37 UTC 2016 x86_64 x86_64 Alert Count 46806 First Seen 2016-03-22 16:43:00 CET Last Seen 2016-03-26 03:34:27 CET Local ID 59e6a2f4-75e2-40a6-b71f-d62fe5f04da4 Raw Audit Messages type=AVC msg=audit(1458959667.962:377): avc: denied { read } for pid=964 comm="gmain" name="NetworkManager" dev="sda4" ino=6160603 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Hash: NetworkManager,NetworkManager_t,unlabeled_t,dir,read Version-Release number of selected component: selinux-policy-3.13.1-158.11.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.6-300.fc23.x86_64 type: libreport Potential duplicate: bug 706572
restorecon -R -v /etc You seem to have labeling issues.