SELinux is preventing firewalld from relabelto access on the file ifcfg-enp3s0.bak. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that firewalld should be allowed relabelto access on the ifcfg-enp3s0.bak file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'firewalld' --raw | audit2allow -M my-firewalld # semodule -X 300 -i my-firewalld.pp Additional Information: Source Context system_u:system_r:firewalld_t:s0 Target Context unconfined_u:object_r:net_conf_t:s0 Target Objects ifcfg-enp3s0.bak [ file ] Source firewalld Source Path firewalld Port <Unknown> Host jean.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-259.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name jean.localdomain Platform Linux jean.localdomain 4.11.8-300.fc26.x86_64 #1 SMP Thu Jun 29 20:09:48 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-07-16 18:57:14 PDT Last Seen 2017-07-16 18:57:14 PDT Local ID 1f786cc6-0e9e-47b0-93c3-4d166784df47 Raw Audit Messages type=AVC msg=audit(1500256634.945:22797596): avc: denied { relabelto } for pid=914 comm="firewalld" name="ifcfg-enp3s0.bak" dev="dm-0" ino=418716 scontext=system_u:system_r:firewalld_t:s0 tcontext=unconfined_u:object_r:net_conf_t:s0 tclass=file permissive=0 Hash: firewalld,firewalld_t,net_conf_t,file,relabelto
Got this notification after restoring backups of my /etc/firewalld/ on a new installation of Fedora 26 Workstation x86_64.
Andrew, This is caused by moving files from backup. Please run following command when you'll done with restoring backups: # restorecon -Rv / This should fix your issue. Thanks, Lukas.