Hide Forgot
Description of problem: Trying to (re)start dnssec-triggerd SELinux is preventing dnssec-trigger- from 'getattr' accesses on the directory /sys/fs/cgroup/systemd. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that dnssec-trigger- should be allowed getattr access on the systemd directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep dnssec-trigger- /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:dnssec_trigger_t:s0 Target Context system_u:object_r:cgroup_t:s0 Target Objects /sys/fs/cgroup/systemd [ dir ] Source dnssec-trigger- Source Path dnssec-trigger- Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.11.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.4.6-300.fc23.x86_64 #1 SMP Wed Mar 16 22:10:37 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-03-29 23:47:37 CEST Last Seen 2016-03-29 23:47:37 CEST Local ID 713059a8-ad11-44d1-9ee9-de383c8a2c74 Raw Audit Messages type=AVC msg=audit(1459288057.139:654): avc: denied { getattr } for pid=23746 comm="dnssec-trigger-" path="/sys/fs/cgroup/systemd" dev="cgroup" ino=1 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=0 Hash: dnssec-trigger-,dnssec_trigger_t,cgroup_t,dir,getattr Version-Release number of selected component: selinux-policy-3.13.1-158.11.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.6-300.fc23.x86_64 type: libreport Potential duplicate: bug 1255990
*** This bug has been marked as a duplicate of bug 1255990 ***