Description of problem: SELinux is preventing abrt-action-sav from 'read' accesses on the file /var/lib/rpm/Packages. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /var/lib/rpm/Packages default label should be rpm_var_lib_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /var/lib/rpm/Packages ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that abrt-action-sav should be allowed read access on the Packages file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'abrt-action-sav' --raw | audit2allow -M my-abrtactionsav # semodule -X 300 -i my-abrtactionsav.pp Additional Information: Source Context system_u:system_r:abrt_t:s0-s0:c0.c1023 Target Context system_u:object_r:unlabeled_t:s0 Target Objects /var/lib/rpm/Packages [ file ] Source abrt-action-sav Source Path abrt-action-sav Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages rpm-4.13.0.1-5.fc26.x86_64 Policy RPM selinux-policy-3.13.1-259.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.7-300.fc26.x86_64 #1 SMP Mon Jun 26 14:54:05 UTC 2017 x86_64 x86_64 Alert Count 17 First Seen 2017-06-26 19:53:46 +03 Last Seen 2017-06-30 10:03:32 +03 Local ID 51f96f04-a6a8-4300-9024-65236437e253 Raw Audit Messages type=AVC msg=audit(1498806212.28:244): avc: denied { read } for pid=2332 comm="abrt-action-lis" name="Packages" dev="dm-1" ino=166144 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 Hash: abrt-action-sav,abrt_t,unlabeled_t,file,read Version-Release number of selected component: selinux-policy-3.13.1-259.fc26.noarch Additional info: component: selinux-policy reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.11.7-300.fc26.x86_64 type: libreport Potential duplicate: bug 1444810
*** Bug 1478383 has been marked as a duplicate of this bug. ***
Description of problem: I guess doing: dnf update Version-Release number of selected component: selinux-policy-3.13.1-260.4.fc26.noarch Additional info: reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.12.5-300.fc26.x86_64 type: libreport
I had a similar issue, which was fixed by executing this command to restore the default labels: restorecon -R -v /var/lib
Description of problem: This error keeps coming back for me. I ran the suggested: /sbin/restorecon -v /var/lib/rpm/Basenames but I still get this security allert regularly. Version-Release number of selected component: selinux-policy-3.13.1-260.4.fc26.noarch Additional info: reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.13.4-200.fc26.x86_64 type: libreport
***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /var/lib/rpm/Packages default label should be rpm_var_lib_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /var/lib/rpm/Packages
Description of problem: I already tried: /sbin/restorecon -v /var/lib/rpm/Basenames seveal times, but this issue is still there Version-Release number of selected component: selinux-policy-3.13.1-260.4.fc26.noarch Additional info: reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.13.4-200.fc26.x86_64 type: libreport