Description of problem: After upgrade to fedora 25, I received this alert. SELinux is preventing tumblerd from 'sendto' accesses on the unix_dgram_socket /run/systemd/journal/socket. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that tumblerd should be allowed sendto access on the socket unix_dgram_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'tumblerd' --raw | audit2allow -M my-tumblerd # semodule -X 300 -i my-tumblerd.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:system_r:kernel_t:s0 Target Objects /run/systemd/journal/socket [ unix_dgram_socket ] Source tumblerd Source Path tumblerd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-(none):3.13.1-224.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.8.8-300.fc25.x86_64 #1 SMP Tue Nov 15 18:10:06 UTC 2016 x86_64 x86_64 Alert Count 3 First Seen 2016-11-26 04:14:06 CST Last Seen 2016-11-26 04:41:54 CST Local ID cac7c377-0628-4f12-b5fa-27ac7c80a5f1 Raw Audit Messages type=AVC msg=audit(1480156914.222:333): avc: denied { sendto } for pid=9257 comm="tumblerd" path="/run/systemd/journal/socket" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket permissive=1 Hash: tumblerd,thumb_t,kernel_t,unix_dgram_socket,sendto Version-Release number of selected component: selinux-policy-(none):3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.8-300.fc25.x86_64 type: libreport
Description of problem: this happened during normal operation Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.8-300.fc25.x86_64 type: libreport
The same alert shows up with selinux-policy-3.13.1-225.3.fc25.noarch. There were also similar but slightly different complaints. Namely that tumblerd is prevented from creating unix_dgram_socket and from writing on some socket without giving a specific socket path.
Description of problem: I do not know Version-Release number of selected component: selinux-policy-3.13.1-225.3.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.15-300.fc25.x86_64 type: libreport
selinux-policy-3.13.1-225.6.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-66d634473a
selinux-policy-3.13.1-225.6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-66d634473a
selinux-policy-3.13.1-225.6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.