Description of problem: SELinux is preventing systemctl from 'write' accesses on the chr_file kmsg. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemctl should be allowed write access on the kmsg chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemctl' --raw | audit2allow -M my-systemctl # semodule -X 300 -i my-systemctl.pp Additional Information: Source Context system_u:system_r:logrotate_t:s0-s0:c0.c1023 Target Context system_u:object_r:kmsg_device_t:s0 Target Objects kmsg [ chr_file ] Source systemctl Source Path systemctl Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.15.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.4.8-300.fc23.x86_64 #1 SMP Wed Apr 20 16:59:27 UTC 2016 x86_64 x86_64 Alert Count 4 First Seen 2016-05-16 03:28:02 EDT Last Seen 2016-06-06 03:44:01 EDT Local ID d9eb38ff-1243-44ec-8aa0-f68d6bec3a22 Raw Audit Messages type=AVC msg=audit(1465199041.992:27846): avc: denied { write } for pid=22100 comm="systemctl" name="kmsg" dev="devtmpfs" ino=1047 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:kmsg_device_t:s0 tclass=chr_file permissive=0 Hash: systemctl,logrotate_t,kmsg_device_t,chr_file,write Version-Release number of selected component: selinux-policy-3.13.1-158.15.fc23.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport Potential duplicate: bug 1295508
Description of problem: Not sure what caused this. Version-Release number of selected component: selinux-policy-3.13.1-158.15.fc23.noarch Additional info: reporter: libreport-2.7.2 hashmarkername: setroubleshoot kernel: 4.6.4-301.fc24.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1295508 ***