Description of problem: Version-Release number of selected component (if applicable): netlabel_tools-0.30.0-1.fc26.x86_64 selinux-policy-3.13.1-272.fc27.noarch selinux-policy-devel-3.13.1-272.fc27.noarch selinux-policy-doc-3.13.1-272.fc27.noarch selinux-policy-minimum-3.13.1-272.fc27.noarch selinux-policy-mls-3.13.1-272.fc27.noarch selinux-policy-sandbox-3.13.1-272.fc27.noarch selinux-policy-targeted-3.13.1-272.fc27.noarch How reproducible: * always Steps to Reproduce: # service netlabel restart # service netlabel status Actual results (enforcing mode): ---- time->Mon Aug 21 17:51:59 2017 type=AVC msg=audit(1503330719.362:322): avc: denied { execute_no_trans } for pid=1869 comm="netlabel-config" path="/usr/sbin/netlabelctl" dev="vda2" ino=342217 scontext=system_u:system_r:netlabel_mgmt_t:s0 tcontext=system_u:object_r:netlabel_mgmt_exec_t:s0 tclass=file permissive=0 ---- Actual results (permissive mode): ---- time->Mon Aug 21 17:54:03 2017 type=AVC msg=audit(1503330843.516:353): avc: denied { read } for pid=2086 comm="netlabel-config" name="passwd" dev="vda2" ino=394140 scontext=system_u:system_r:netlabel_mgmt_t:s0 tcontext=system_u:object_r:sssd_public_t:s0 tclass=file permissive=1 ---- time->Mon Aug 21 17:54:03 2017 type=AVC msg=audit(1503330843.516:354): avc: denied { open } for pid=2086 comm="netlabel-config" path="/var/lib/sss/mc/passwd" dev="vda2" ino=394140 scontext=system_u:system_r:netlabel_mgmt_t:s0 tcontext=system_u:object_r:sssd_public_t:s0 tclass=file permissive=1 ---- time->Mon Aug 21 17:54:03 2017 type=AVC msg=audit(1503330843.516:355): avc: denied { getattr } for pid=2086 comm="netlabel-config" path="/var/lib/sss/mc/passwd" dev="vda2" ino=394140 scontext=system_u:system_r:netlabel_mgmt_t:s0 tcontext=system_u:object_r:sssd_public_t:s0 tclass=file permissive=1 ---- time->Mon Aug 21 17:54:03 2017 type=AVC msg=audit(1503330843.516:356): avc: denied { map } for pid=2086 comm="netlabel-config" path="/var/lib/sss/mc/passwd" dev="vda2" ino=394140 scontext=system_u:system_r:netlabel_mgmt_t:s0 tcontext=system_u:object_r:sssd_public_t:s0 tclass=file permissive=1 ---- time->Mon Aug 21 17:54:03 2017 type=AVC msg=audit(1503330843.516:357): avc: denied { write } for pid=2086 comm="netlabel-config" name="nss" dev="vda2" ino=394044 scontext=system_u:system_r:netlabel_mgmt_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=sock_file permissive=1 ---- time->Mon Aug 21 17:54:03 2017 type=AVC msg=audit(1503330843.517:358): avc: denied { connectto } for pid=2086 comm="netlabel-config" path="/var/lib/sss/pipes/nss" scontext=system_u:system_r:netlabel_mgmt_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=unix_stream_socket permissive=1 ---- time->Mon Aug 21 17:54:03 2017 type=AVC msg=audit(1503330843.523:359): avc: denied { execute_no_trans } for pid=2089 comm="netlabel-config" path="/usr/sbin/netlabelctl" dev="vda2" ino=342217 scontext=system_u:system_r:netlabel_mgmt_t:s0 tcontext=system_u:object_r:netlabel_mgmt_exec_t:s0 tclass=file permissive=1 ---- Expected results: * no SELinux denials
selinux-policy-3.13.1-260.20.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1969794434
selinux-policy-3.13.1-260.20.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1969794434
selinux-policy-3.13.1-260.20.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.