Description of problem: Trying to (re)start dnssec-triggerd SELinux is preventing dnssec-trigger- from 'execute' accesses on the file /usr/sbin/ldconfig. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that dnssec-trigger- should be allowed execute access on the ldconfig file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep dnssec-trigger- /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:dnssec_trigger_t:s0 Target Context system_u:object_r:ldconfig_exec_t:s0 Target Objects /usr/sbin/ldconfig [ file ] Source dnssec-trigger- Source Path dnssec-trigger- Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages glibc-2.22-11.fc23.x86_64 Policy RPM selinux-policy-3.13.1-158.11.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.4.6-300.fc23.x86_64 #1 SMP Wed Mar 16 22:10:37 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-03-29 23:47:37 CEST Last Seen 2016-03-29 23:47:37 CEST Local ID 062f6095-cb7a-451d-aa18-95633567355e Raw Audit Messages type=AVC msg=audit(1459288057.160:655): avc: denied { execute } for pid=23779 comm="dnssec-trigger-" name="ldconfig" dev="dm-0" ino=2367481 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=0 Hash: dnssec-trigger-,dnssec_trigger_t,ldconfig_exec_t,file,execute Version-Release number of selected component: selinux-policy-3.13.1-158.11.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.6-300.fc23.x86_64 type: libreport Potential duplicate: bug 1240842
*** This bug has been marked as a duplicate of bug 1240842 ***