I thought I would wait a little while before filing this bug thinking I can't be the only person using postfix on Fedora, but it appears I am... SELinux is preventing postfix from search access on the directory dev. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow postfix to have search access on the dev directory Then you need to change the label on dev Do # semanage fcontext -a -t FILE_TYPE 'dev' where FILE_TYPE is one of the following: NetworkManager_var_run_t, abrt_var_run_t, admin_home_t, aiccu_var_run_t, ajaxterm_var_run_t, alsa_var_run_t, anon_inodefs_t, antivirus_db_t, antivirus_var_run_t, apcupsd_var_run_t, apmd_var_run_t, arpwatch_var_run_t, asterisk_var_run_t, audisp_var_run_t, audit_spool_t, auditd_log_t, auditd_var_run_t, autofs_t, automount_tmp_t, automount_var_run_t, avahi_var_run_t, bacula_store_t, bacula_var_run_t, bcfg2_var_run_t, bin_t, binfmt_misc_fs_t, bitlbee_var_run_t, blkmapd_var_run_t, blktap_var_run_t, blueman_var_run_t, bluetooth_var_run_t, boot_t, bootloader_var_run_t, brltty_var_run_t, bumblebee_var_run_t, cachefilesd_var_run_t, callweaver_var_run_t, canna_var_run_t, capifs_t, cardmgr_var_run_t, ccs_var_run_t, cephfs_t, cert_t, certmaster_var_run_t, certmonger_var_run_t, cgred_var_run_t, cgroup_t, chronyd_var_run_t, cifs_t, cinder_var_run_t, clogd_var_run_t, cluster_conf_t, cluster_var_lib_t, cluster_var_run_t, clvmd_var_run_t, cmirrord_var_run_t, cockpit_var_run_t, collectd_var_run_t, comsat_var_run_t, condor_var_run_t, conman_var_run_t, consolekit_var_run_t, container_file_t, container_ro_file_t, couchdb_var_run_t, courier_var_run_t, cpu_online_t, cpuplug_var_run_t, cpuspeed_var_run_t, cron_var_run_t, crond_var_run_t, ctdbd_var_run_t, cupsd_config_var_run_t, cupsd_lpd_var_run_t, cupsd_var_run_t, cvs_var_run_t, cyphesis_var_run_t, cyrus_var_lib_t, cyrus_var_run_t, dbskkd_var_run_t, dcc_var_run_t, dccd_var_run_t, dccifd_var_run_t, dccm_var_run_t, dcerpcd_var_run_t, ddclient_var_run_t, debugfs_t, default_context_t, default_t, deltacloudd_var_run_t, device_t, devicekit_var_run_t, devpts_t, dhcpc_var_run_t, dhcpd_var_run_t, dictd_var_run_t, dirsrv_snmp_var_run_t, dirsrv_var_run_t, dkim_milter_data_t, dlm_controld_var_run_t, dnsmasq_var_run_t, dnssec_t, dnssec_trigger_var_run_t, dosfs_t, dovecot_var_run_t, drbd_var_run_t, dspam_var_run_t, ecryptfs_t, efivarfs_t, entropyd_var_run_t, etc_aliases_t, etc_mail_t, etc_runtime_t, etc_t, eventlogd_var_run_t, evtchnd_var_run_t, exim_var_run_t, fail2ban_var_lib_t, fail2ban_var_run_t, fcoemon_var_run_t, fenced_var_run_t, fetchmail_var_run_t, file_context_t, fingerd_var_run_t, firewalld_var_run_t, foghorn_var_run_t, fonts_cache_t, fonts_t, freeipmi_bmc_watchdog_var_run_t, freeipmi_ipmidetectd_var_run_t, freeipmi_ipmiseld_var_run_t, fsadm_var_run_t, fsdaemon_var_run_t, ftpd_var_run_t, fusefs_t, games_srv_var_run_t, gdomap_var_run_t, gear_var_run_t, getty_var_run_t, gfs_controld_var_run_t, glance_var_run_t, glusterd_var_run_t, gpm_var_run_t, gpsd_var_run_t, greylist_milter_data_t, groupd_var_run_t, gssproxy_var_run_t, haproxy_var_run_t, home_root_t, hostapd_var_run_t, httpd_sys_content_t, httpd_var_run_t, hugetlbfs_t, hwloc_var_run_t, icecast_var_run_t, ifconfig_var_run_t, inetd_child_var_run_t, inetd_var_run_t, init_var_run_t, initrc_tmp_t, initrc_var_run_t, innd_var_run_t, insmod_var_run_t, ipa_var_run_t, ipmievd_var_run_t, ipsec_mgmt_var_run_t, ipsec_var_run_t, iptables_var_lib_t, iptables_var_run_t, irqbalance_var_run_t, iscsi_var_run_t, isnsd_var_run_t, iso9660_t, iwhd_var_run_t, jetty_var_run_t, kadmind_var_run_t, kdbusfs_t, keepalived_var_run_t, keystone_var_run_t, kismet_var_run_t, klogd_var_run_t, krb5_conf_t, krb5_host_rcache_t, krb5kdc_var_run_t, ksmtuned_var_run_t, l2tpd_var_run_t, lib_t, likewise_var_lib_t, lircd_var_run_t, lldpad_var_run_t, locale_t, locate_var_run_t, logwatch_var_run_t, lost_found_t, lpd_var_run_t, lsassd_var_run_t, lsmd_var_run_t, lttng_sessiond_var_run_t, lvm_var_run_t, lwiod_var_run_t, lwregd_var_run_t, lwsmd_var_run_t, mail_home_t, mail_spool_t, mailman_data_t, mailman_log_t, mailman_var_run_t, man_cache_t, man_t, mandb_cache_t, mcelog_var_run_t, mdadm_var_run_t, memcached_var_run_t, minidlna_var_run_t, minissdpd_var_run_t, mirrormanager_var_run_t, mnt_t, mock_var_run_t, mon_statd_var_run_t, mongod_var_run_t, motion_var_run_t, mount_var_run_t, mpd_var_run_t, mqueue_spool_t, mrtg_var_run_t, mscan_var_run_t, munin_var_run_t, mysqld_db_t, mysqld_var_run_t, mysqlmanagerd_var_run_t, naemon_var_run_t, nagios_var_run_t, named_conf_t, named_var_run_t, net_conf_t, netlogond_var_run_t, neutron_var_run_t, news_spool_t, nfs_t, nfsd_fs_t, ninfod_run_t, nmbd_var_run_t, nova_var_run_t, nrpe_var_run_t, nscd_var_run_t, nsd_var_run_t, nslcd_var_run_t, ntop_var_run_t, ntpd_var_run_t, numad_var_run_t, nut_var_run_t, nx_server_var_run_t, oddjob_var_run_t, onload_fs_t, openct_var_run_t, opendnssec_var_run_t, openhpid_var_run_t, openshift_tmp_t, openshift_var_lib_t, openshift_var_run_t, openvpn_var_run_t, openvswitch_var_run_t, openwsman_run_t, oracleasmfs_t, osad_var_run_t, pads_var_run_t, pam_var_console_t, pam_var_run_t, passenger_var_run_t, pcp_var_run_t, pcscd_var_run_t, pdns_var_run_t, pegasus_openlmi_storage_var_run_t, pegasus_var_run_t, pesign_var_run_t, piranha_fos_var_run_t, piranha_lvs_var_run_t, piranha_pulse_var_run_t, piranha_web_var_run_t, pkcs11proxyd_var_run_t, pkcs_slotd_var_run_t, pki_ra_var_run_t, pki_tomcat_var_run_t, pki_tps_var_run_t, plymouthd_var_run_t, policykit_var_run_t, polipo_pid_t, portmap_var_run_t, portreserve_var_run_t, postfix_data_t, postfix_etc_t, postfix_private_t, postfix_public_t, postfix_spool_bounce_t, postfix_spool_t, postfix_var_run_t, postgresql_var_run_t, postgrey_spool_t, postgrey_var_run_t, pppd_var_run_t, pptp_var_run_t, prelude_audisp_var_run_t, prelude_lml_var_run_t, prelude_var_run_t, privoxy_var_run_t, proc_t, proc_xen_t, prosody_var_run_t, psad_var_run_t, pstore_t, ptal_var_run_t, public_content_rw_t, public_content_t, pulseaudio_var_run_t, puppet_var_run_t, pwauth_var_run_t, pyicqt_var_run_t, qdiskd_var_run_t, qemu_var_run_t, qpidd_var_run_t, quota_nld_var_run_t, rabbitmq_var_run_t, radiusd_var_run_t, radvd_var_run_t, ramfs_t, random_seed_t, readahead_var_run_t, redis_var_run_t, regex_milter_data_t, removable_t, restorecond_var_run_t, rhev_agentd_var_run_t, rhnsd_var_run_t, rhsmcertd_var_run_t, ricci_modcluster_var_run_t, ricci_var_run_t, rkhunter_var_lib_t, rlogind_var_run_t, rngd_var_run_t, root_t, roundup_var_run_t, rpc_pipefs_t, rpcbind_var_run_t, rpcd_var_run_t, rpm_log_t, rpm_script_tmp_t, rpm_var_run_t, rsync_var_run_t, rtas_errd_var_run_t, samba_etc_t, samba_var_t, sanlock_var_run_t, saslauthd_var_run_t, sbd_var_run_t, sblim_var_run_t, screen_var_run_t, security_t, selinux_config_t, sendmail_var_run_t, sensord_var_run_t, setrans_var_run_t, setroubleshoot_var_run_t, shell_exec_t, slapd_var_run_t, slpd_var_run_t, smbd_var_run_t, smokeping_var_run_t, smsd_var_run_t, snmpd_var_run_t, snort_var_run_t, sosreport_tmp_t, sosreport_var_run_t, soundd_var_run_t, spamass_milter_data_t, spamd_var_run_t, spufs_t, squid_var_run_t, src_t, srvsvcd_var_run_t, sshd_var_run_t, sslh_var_run_t, sssd_public_t, sssd_var_lib_t, sssd_var_run_t, stapserver_var_run_t, stunnel_var_run_t, svnserve_var_run_t, swat_var_run_t, swift_var_run_t, sysctl_fs_t, sysctl_t, sysfs_t, syslogd_var_run_t, system_conf_t, system_cronjob_var_run_t, system_db_t, system_dbusd_var_run_t, systemd_logind_inhibit_var_run_t, systemd_logind_sessions_t, systemd_logind_var_run_t, systemd_machined_var_run_t, systemd_networkd_var_run_t, systemd_passwd_var_run_t, systemd_resolved_var_run_t, sysv_t, telnetd_var_run_t, textrel_shlib_t, tftpd_var_run_t, tgtd_var_run_t, thin_aeolus_configserver_var_run_t, thin_var_run_t, timemaster_var_run_t, tlp_var_run_t, tmp_t, tmpfs_t, tomcat_var_run_t, tor_var_lib_t, tor_var_log_t, tor_var_run_t, tuned_var_run_t, udev_var_run_t, uml_switch_var_run_t, usbfs_t, usbmuxd_var_run_t, user_home_dir_t, user_home_t, user_tmp_t, useradd_var_run_t, usr_t, uucpd_var_run_t, uuidd_var_run_t, var_lib_nfs_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_spool_t, var_t, varnishd_var_run_t, varnishlog_var_run_t, vdagent_var_run_t, vhostmd_var_run_t, virt_image_t, virt_lxc_var_run_t, virt_qemu_ga_var_run_t, virt_var_lib_t, virt_var_run_t, virtlogd_var_run_t, vmblock_t, vmware_host_pid_t, vmware_pid_t, vnstatd_var_run_t, vpnc_var_run_t, vxfs_t, watchdog_var_run_t, wdmd_var_run_t, winbind_var_run_t, xdm_var_run_t, xenconsoled_var_run_t, xend_var_lib_t, xend_var_run_t, xenfs_t, xenstored_var_lib_t, xenstored_var_run_t, xserver_var_run_t, ypbind_var_run_t, yppasswdd_var_run_t, ypserv_var_run_t, ypxfr_var_run_t, zabbix_var_run_t, zarafa_deliver_var_run_t, zarafa_gateway_var_run_t, zarafa_ical_var_run_t, zarafa_indexer_var_run_t, zarafa_monitor_var_run_t, zarafa_server_var_run_t, zarafa_spooler_var_run_t, zebra_var_run_t, zoneminder_var_run_t. Then execute: restorecon -v 'dev' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that postfix should be allowed search access on the dev directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'postfix' --raw | audit2allow -M my-postfix # semodule -X 300 -i my-postfix.pp Additional Information: Source Context system_u:system_r:postfix_master_t:s0 Target Context unconfined_u:object_r:unlabeled_t:s0 Target Objects dev [ dir ] Source postfix Source Path postfix Port <Unknown> Host mcronenworth.nhsrx.com Source RPM Packages Target RPM Packages filesystem-3.2-37.fc24.x86_64 Policy RPM selinux-policy-3.13.1-225.3.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name mcronenworth.nhsrx.com Platform Linux mcronenworth.nhsrx.com 4.8.15-300.fc25.x86_64 #1 SMP Thu Dec 15 23:10:23 UTC 2016 x86_64 x86_64 Alert Count 82 First Seen 2016-12-22 10:13:03 CST Last Seen 2016-12-29 08:42:53 CST Local ID e6891bc0-f896-493f-99f2-8e79ec5ba352 Raw Audit Messages type=AVC msg=audit(1483022573.25:132): avc: denied { search } for pid=31890 comm="postlog" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Hash: postfix,postfix_master_t,unlabeled_t,dir,search
Please, run following command to fix your issue: # restorecon -Rv /
I have, thanks. Before I opened this bug. Reopening.
Sorry. Issue has disappeared now so I cannot reproduce.
Reopening. I can reproduce it again. System was rebooted and now I'm getting a denial. The same denial I originally reported. type=AVC msg=audit(1485182604.381:132): avc: denied { search } for pid=26553 comm="postlog" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Running 'restorecon -Rv /' does *not* fix it. postfix-3.1.4-1.fc25.x86_64 selinux-policy-3.13.1-225.6.fc25.noarch
Created attachment 1246744 [details] Full list of AVCs emitted from postfix I am attaching the full list of AVCs generated by a start attempt of postfix. Creating a custom module that allows these AVCs allows postfix to start.
Here is the custom module type enforcement file: module mypostfix 1.0; require { type unlabeled_t; type postfix_master_t; class file { open read write }; class dir { search write }; } #============= postfix_master_t ============== allow postfix_master_t unlabeled_t:dir { search write }; allow postfix_master_t unlabeled_t:file read; allow postfix_master_t unlabeled_t:file { open write };
Created attachment 1246745 [details] Additional AVCs emitted after postfix startup There were 12 additional AVCs emitted once Postfix successfully started up.
A dupe: https://bugzilla.redhat.com/show_bug.cgi?id=1418908
The module type enforcement file you posted does not work for me. postfix-3.1.4-1.fc25.x86_64
Where is this postlog directory? What does ls -lZ /PATHTO/postlog show?
$ ls -lZ /usr/sbin/postlog -rwxr-xr-x. 1 root root system_u:object_r:postfix_master_exec_t:s0 11392 Jan 2 11:21 /usr/sbin/postlog # restorecon -Rv /usr/sbin/postlog [no output] $ ls -lZ /usr/sbin/postlog -rwxr-xr-x. 1 root root system_u:object_r:postfix_master_exec_t:s0 11392 Jan 2 11:21 /usr/sbin/postlog
I see the same issue. I also notice that the inode in the sealert output is that of the underlying /dev directory in the root filesystem. ls -lZi /dev gives a different inode (probably from the devtmpfs mounted on top of the root filesystem). Not sure whether it is relevant.
selinux-policy-3.13.1-225.20.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-837f04c39a
selinux-policy-3.13.1-225.20.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-837f04c39a
This is NOT fixed by that update. Postfix STILL fails to start. Please test updates before issuing them. Aug 16 08:25:04 foo.bar.com systemd[1]: Starting Postfix Mail Transport Agent... Aug 16 08:25:05 foo.bar.com audit[17608]: AVC avc: denied { search } for pid=17608 comm="postfix" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Aug 16 08:25:05 foo.bar.com audit[17608]: AVC avc: denied { search } for pid=17608 comm="postfix-script" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Aug 16 08:25:05 foo.bar.com audit[17614]: AVC avc: denied { search } for pid=17614 comm="postfix-script" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Aug 16 08:25:05 foo.bar.com audit[17614]: AVC avc: denied { search } for pid=17614 comm="postfix-script" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Aug 16 08:25:05 foo.bar.com postfix[17608]: /usr/libexec/postfix/postfix-script: line 122: /dev/null: Permission denied Aug 16 08:25:05 foo.bar.com audit[17615]: AVC avc: denied { search } for pid=17615 comm="postlog" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Aug 16 08:25:05 foo.bar.com audit[17615]: AVC avc: denied { search } for pid=17615 comm="postlog" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Aug 16 08:25:05 foo.bar.com audit[17615]: AVC avc: denied { search } for pid=17615 comm="postlog" name="dev" dev="sda2" ino=4980737 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=dir permissive=0 Aug 16 08:25:06 foo.bar.com systemd[1]: postfix.service: Control process exited, code=exited status=1 Aug 16 08:25:06 foo.bar.com systemd[1]: Failed to start Postfix Mail Transport Agent.
selinux-policy-3.13.1-225.20.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Not fixed yet.
selinux-policy-3.13.1-225.22.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d4f3635ee
selinux-policy-3.13.1-225.22.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d4f3635ee
Still not fixed.
selinux-policy-3.13.1-225.22.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
selinux-policy-3.13.1-225.23.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d00e4db6a
selinux-policy-3.13.1-225.23.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d00e4db6a
This is still broken with the latest update. I have run 'restorecon' on /dev, /etc, /bin, and /sbin. The same AVC messages are output.
selinux-policy-3.13.1-225.23.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
I seem to have the same issue or at least one that's very similar (SELinux is a complete mystery to me). Not sure if this is the right place to post this, because I'm running the F27 (non-modular) Server Beta. I get the "/usr/libexec/postfix/postfix-script: line 122: /dev/null: Permission denied" error Michael Cronenworth described in Comment 15 and similar AVCs, the difference in my case is that the "tcontext" starts with "system_u" and not "unconfined_u". I also get the "aliasesdb" and "chroot-update" AVCs from Rudd-O DragonFears Bug Report (Link in Comment 8). The strange thing is that this only happens on my Raspberry Pi 3. I also run the x86_64-version of the F27 Server Beta in a VM, to test my configs, and there it works. Both installs use selinux-policy-3.13.1-283.14.fc27.
SELinux is a labeling system. If you have files on the system labeled as unlabeled_t, then we need to assign labels to them. Usually you can do this with restorecon. restorecon -R -v PATHTOFILESWITHOUTLABELS.
I tried relabeling the whole filesystem, it didn't help. The good news is that I got it working by creating this policy module with audit2allow: module my-postfix 1.0; require { type postfix_master_t; type unlabeled_t; class chr_file { open read write }; class dir { search write }; } #============= postfix_master_t ============== allow postfix_master_t unlabeled_t:chr_file { open read write }; allow postfix_master_t unlabeled_t:dir { search write };
This message is a reminder that Fedora 25 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '25'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 25 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Created attachment 1417753 [details] Jan / #31 - logs and stuff
I did some further testing, now that the F28 Beta is here. This has been done on a Raspberry Pi 3. Fedora 28 Server Beta: 1. flash Fedora-Server-armhfp-28_Beta-1.3-sda.raw.xz and boot 2. do the initial setup and login 3. install postfix 4. start postfix --> it works! Fedora 27 Server: 1. flash Fedora-Server-armhfp-27-1.6-sda.raw.xz and boot 2. do the initial setup and login 3. install postfix 4. start postfix --> fail 5. upgrade the system and reboot 6. start postfix --> fail 7. upgrade to Fedora 28 8. start postfix --> fail 9. autorelabeling the filesystem and reinstalling postfix 10. start postfix --> fail So I guess the problem won't be fixed by installing a specific version of some package. I have added an attachement with logs/errors from my main F27 installation. I don't think there is anything in there that's not already in this thread, but who knows. I can try to look for additional information or to relabel certain files, but at the moment I don't know what to do or how to do it.
This message is a reminder that Fedora 26 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '26'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 26 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 26 changed to end-of-life (EOL) status on 2018-05-29. Fedora 26 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
Still present in Fedora 28+.
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'.
(In reply to Michael Cronenworth from comment #35) > Still present in Fedora 28+. What are the latest AVCs? Also include the full path for the inode number i.e. "ino=<value>" find / -inum <value>
As this bug has been in NEEDINFO state for an extended period of time, we are going to close it due to inactivity with the resolution of NOTABUG. Feel free to reopen the bugzilla if the issue persists.
I have lost access to the system exhibiting this issue so I will no longer be able to report on it.