Description of problem:
SELinux is preventing (fwupd) from 'mounton' accesses on the directory /var/lib/fwupd.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that (fwupd) should be allowed mounton access on the fwupd directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c '(fwupd)' --raw | audit2allow -M my-fwupd
# semodule -X 300 -i my-fwupd.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                system_u:object_r:fwupd_var_lib_t:s0
Target Objects                /var/lib/fwupd [ dir ]
Source                        (fwupd)
Source Path                   (fwupd)
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.11.0-0.rc2.git0.1.fc26.x86_64 #1 SMP Mon Mar 13 17:14:58 UTC 2017 x86_64 x86_64
Alert Count                   1
First Seen                    2017-03-16 07:57:33 CET
Last Seen                     2017-03-16 07:57:33 CET
Local ID                      2400e99c-ecc6-4c6e-ae9d-c82d1a75aeca

Raw Audit Messages
type=AVC msg=audit(1489647453.250:264): avc: denied { mounton } for pid=2234 comm="(fwupd)" path="/var/lib/fwupd" dev="dm-0" ino=3145846 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fwupd_var_lib_t:s0 tclass=dir permissive=0

Hash: (fwupd),init_t,fwupd_var_lib_t,dir,mounton

Additional info:
component: selinux-policy
reporter: libreport-2.9.0
hashmarkername: setroubleshoot
kernel: 4.11.0-0.rc2.git0.1.fc26.x86_64
type: libreport
Proposed as a Blocker for 26-final by Fedora user vondruch using the blocker tracking app because: I think this violates: "There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop." Although I am not sure it pops up after first login, it probably pops up sooner or later ...
*** This bug has been marked as a duplicate of bug 1429341 ***