Description of problem: SELinux is preventing systemd from 'create' accesses on the unix_stream_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd should be allowed create access on the Unknown unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:system_r:unconfined_service_t:s0 Target Objects Unknown [ unix_stream_socket ] Source systemd Source Path systemd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-224.fc25.noarch selinux- policy-3.13.1-225.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.8.11-300.fc25.x86_64 #1 SMP Mon Nov 28 18:24:51 UTC 2016 x86_64 x86_64 Alert Count 3 First Seen 2016-12-03 07:27:20 CET Last Seen 2016-12-03 07:27:21 CET Local ID 26707918-683a-4bb7-9b06-2ae7fdc31dab Raw Audit Messages type=AVC msg=audit(1480746441.404:219): avc: denied { create } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0 Hash: systemd,init_t,unconfined_service_t,unix_stream_socket,create Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch selinux-policy-3.13.1-225.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.11-300.fc25.x86_64 type: libreport Potential duplicate: bug 1379278
Description of problem: occured after last system update Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch selinux-policy-3.13.1-225.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.11-300.fc25.x86_64 type: libreport
Description of problem: running an update process with yumex with updates-testing enabled. applying updates process was nearing completion and the warning came up during the cleanup phase. not sure which specific patch the error was generated by Version-Release number of selected component: selinux-policy-3.13.1-225.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: during dnf update Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: Ran dnf upgrade Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: This happened during live dnf update in a completely clean freshly-installed Fedora 25 VM. Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.6-300.fc25.x86_64 type: libreport
Hi, Could you attach output of: # ps -efZ | grep unconfined_service Thanks.
# ps -efZ | grep unconfined_service unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 32719 32675 0 17:26 pts/18 00:00:00 grep --color=auto unconfined_service
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 antman 6284 6258 0 12:33 pts/0 00:00:00 grep --color=auto unconfined_service
Description of problem: I just started to run the dnf update, and then I got this message from SELinux that it had detected a problem. The source process: systemd Attempted this access: create On this unix_stream_socket I'm a newbie so I really don't know what's going on. This is the details: SELinux is preventing systemd from create access on the unix_stream_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd should be allowed create access on the Unknown unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:system_r:unconfined_service_t:s0 Target Objects Unknown [ unix_stream_socket ] Source systemd Source Path systemd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-224.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux localhost.localdomain 4.8.10-300.fc25.x86_64 #1 SMP Mon Nov 21 18:59:16 UTC 2016 x86_64 x86_64 Alert Count 3 First Seen 2016-12-06 14:17:24 CET Last Seen 2016-12-06 14:17:24 CET Local ID 570e9ca7-e3fa-49af-8389-126beb5a1440 Raw Audit Messages type=AVC msg=audit(1481030244.381:244): avc: denied { create } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0 Hash: systemd,init_t,unconfined_service_t,unix_stream_socket,create Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: Happened during update around 3:10 6/12/2016. SELinux was among the updated packages. Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: Occurred a while after startup during normal operation. No idea how or why, sorry. Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: Updated system via dnf. Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
(In reply to Lukas Vrabec from comment #6) > Hi, > Could you attach output of: > # ps -efZ | grep unconfined_service > > Thanks. After running the suggested local fix (ausearch -c 'systemd-gpt-aut' --raw | audit2allow -M my-systemdgptaut & semodule -X 300 -i my-systemdgptaut.pp) system_u:system_r:unconfined_service_t:s0 rpc 11934 1 0 22:37 ? 00:00:00 /usr/bin/rpcbind -w -f unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 27523 3241 0 22:47 pts/1 00:00:00 grep --color=auto unconfined_service
Description of problem: This error ocurred after an update the system. Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: Ran a dnf update, and when firewalld was cleaned up, this error displayed. Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.8-300.fc25.x86_64 type: libreport
Description of problem: I've just run "dnf update" and then working with web browser. Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.10-300.fc25.x86_64 type: libreport
Description of problem: After reboot in fresh fedora25 have this issue Version-Release number of selected component: selinux-policy-3.13.1-224.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.11-300.fc25.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1402083 ***
*** Bug 1403237 has been marked as a duplicate of this bug. ***
*** Bug 1403527 has been marked as a duplicate of this bug. ***
*** Bug 1415903 has been marked as a duplicate of this bug. ***
*** Bug 1419350 has been marked as a duplicate of this bug. ***
*** Bug 1420950 has been marked as a duplicate of this bug. ***
*** Bug 1423838 has been marked as a duplicate of this bug. ***
*** Bug 1428596 has been marked as a duplicate of this bug. ***
*** Bug 1431656 has been marked as a duplicate of this bug. ***
*** Bug 1432125 has been marked as a duplicate of this bug. ***
*** Bug 1432217 has been marked as a duplicate of this bug. ***
*** Bug 1432517 has been marked as a duplicate of this bug. ***
*** Bug 1433115 has been marked as a duplicate of this bug. ***
*** Bug 1442652 has been marked as a duplicate of this bug. ***
*** Bug 1443660 has been marked as a duplicate of this bug. ***
*** Bug 1444645 has been marked as a duplicate of this bug. ***
*** Bug 1454766 has been marked as a duplicate of this bug. ***
*** Bug 1459397 has been marked as a duplicate of this bug. ***
*** Bug 1460039 has been marked as a duplicate of this bug. ***
*** Bug 1460758 has been marked as a duplicate of this bug. ***
*** Bug 1465634 has been marked as a duplicate of this bug. ***
*** Bug 1485954 has been marked as a duplicate of this bug. ***