Description of problem: This occured during normal automatic operation. SELinux is preventing chronyc from 'write' accesses on the directory chrony. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that chronyc should be allowed write access on the chrony directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'chronyc' --raw | audit2allow -M my-chronyc # semodule -X 300 -i my-chronyc.pp Additional Information: Source Context system_u:system_r:logrotate_t:s0-s0:c0.c1023 Target Context system_u:object_r:chronyd_var_run_t:s0 Target Objects chrony [ dir ] Source chronyc Source Path chronyc Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-191.5.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.6.4-301.fc24.x86_64 #1 SMP Tue Jul 12 11:50:00 UTC 2016 x86_64 x86_64 Alert Count 4 First Seen 2016-06-06 05:06:05 PDT Last Seen 2016-07-25 00:06:18 PDT Local ID 60264b50-64f7-49c8-897c-2cbb28a1e2f8 Raw Audit Messages type=AVC msg=audit(1469430378.277:292): avc: denied { write } for pid=16793 comm="chronyc" name="chrony" dev="tmpfs" ino=21039 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:chronyd_var_run_t:s0 tclass=dir permissive=0 Hash: chronyc,logrotate_t,chronyd_var_run_t,dir,write Version-Release number of selected component: selinux-policy-3.13.1-191.5.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Description of problem: This happened during normal unattended operation. config file available upon request. Version-Release number of selected component: selinux-policy-3.13.1-191.8.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
Description of problem: seen during normal unattended operation. Version-Release number of selected component: selinux-policy-3.13.1-191.12.fc24.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.6-300.fc24.x86_64 type: libreport
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
If it helps, I'm seeing this once or twice a day with selinux-policy-3.13.1-191.19.fc24.noarch.
selinux-policy-3.13.1-191.21.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-abb3ede5d5
selinux-policy-3.13.1-191.21.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-abb3ede5d5
selinux-policy-3.13.1-191.21.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
I no longer see the original error, but I see this one occasionally now: SELinux is preventing chronyc from create access on the sock_file chronyc.8214.sock. Shall I submit a new error report?