Description of problem: SELinux is preventing rm from 'remove_name' accesses on the directory rfkill-saved. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow rm to have remove_name access on the rfkill-saved directory Then you need to change the label on rfkill-saved Do # semanage fcontext -a -t FILE_TYPE 'rfkill-saved' where FILE_TYPE is one of the following: sysfs_t, tlp_var_run_t, var_run_t. Then execute: restorecon -v 'rfkill-saved' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that rm should be allowed remove_name access on the rfkill-saved directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rm' --raw | audit2allow -M my-rm # semodule -X 300 -i my-rm.pp Additional Information: Source Context system_u:system_r:tlp_t:s0 Target Context system_u:object_r:var_lib_t:s0 Target Objects rfkill-saved [ dir ] Source rm Source Path rm Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-225.3.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.8.15-300.fc25.x86_64 #1 SMP Thu Dec 15 23:10:23 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-12-29 12:33:48 EST Last Seen 2016-12-29 12:33:48 EST Local ID f0a6cf5c-3c9f-4887-8ce4-9fbb3ffb8dd2 Raw Audit Messages type=AVC msg=audit(1483032828.815:139): avc: denied { remove_name } for pid=1295 comm="rm" name="rfkill-saved" dev="dm-1" ino=3030211 scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=1 Hash: rm,tlp_t,var_lib_t,dir,remove_name Version-Release number of selected component: selinux-policy-3.13.1-225.3.fc25.noarch Additional info: reporter: libreport-2.8.0 hashmarkername: setroubleshoot kernel: 4.8.15-300.fc25.x86_64 type: libreport
selinux-policy-3.13.1-225.6.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-66d634473a
selinux-policy-3.13.1-225.6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-66d634473a
selinux-policy-3.13.1-225.6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.