Description of problem:
A bunch of SELinux alerts appeared upon boot, after deja-dup tried to do an automatic daily backup but crashed.


Additional info:
reporter:       libreport-2.9.2
hashmarkername: setroubleshoot
kernel:         4.13.5-300.fc27.x86_64
type:           libreport

Same on my side:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:var_lib_t:s0
Target Objects                /var/lib/rpm/Basenames [ file ]
Source                        abrt-action-sav
Source Path                   abrt-action-sav
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.13.5-300.fc27.x86_64
                              #1 SMP Thu Oct 5 16:57:11 UTC 2017 x86_64 x86_64
Alert Count                   2773
First Seen                    2017-09-29 15:37:18 IDT
Last Seen                     2017-10-09 09:34:06 IDT
Local ID                      3b511674-041a-4595-8010-84a1c19a101c

Raw Audit Messages
type=AVC msg=audit(1507530846.71:2177): avc:  denied  { map } for  pid=6680 comm="abrt-action-lis" path="/var/lib/rpm/Basenames" dev="dm-0" ino=5374806 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0


Hash: abrt-action-sav,abrt_t,var_lib_t,file,map

*****  Plugin restorecon (99.5 confidence) suggests   ************************

If необходимо исправить метку.
Стандартная метка для /var/lib/rpm/Basenames: rpm_var_lib_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/lib/rpm/Basenames

Description of problem:
I don't know how to replicate. I will update the BUG if it happens again.


Additional info:
reporter:       libreport-2.9.2
hashmarkername: setroubleshoot
kernel:         4.13.8-300.fc27.x86_64
type:           libreport

Description of problem:
The error occured when I set pCloud Appimage client to autostart on every boot.


Additional info:
reporter:       libreport-2.9.2
hashmarkername: setroubleshoot
kernel:         4.13.8-300.fc27.x86_64
type:           libreport

Description of problem:
This still happened after a fixfiles --restore


Additional info:
reporter:       libreport-2.9.2
hashmarkername: setroubleshoot
kernel:         4.13.8-300.fc27.x86_64
type:           libreport

Description of problem:
I was trying to use GNOME Software to check for updates.


Additional info:
reporter:       libreport-2.9.2
hashmarkername: setroubleshoot
kernel:         4.13.5-300.fc27.x86_64
type:           libreport

This still happened after a fixfiles --restore as of today

Description of problem:
dnf update


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.13-300.fc27.x86_64
type:           libreport

*** Bug 1531265 has been marked as a duplicate of this bug. ***

*** Bug 1539971 has been marked as a duplicate of this bug. ***

*** Bug 1539976 has been marked as a duplicate of this bug. ***

Description of problem:
just srarted Frdora


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.14-300.fc27.x86_64
type:           libreport

Description of problem:
When I plug a device (like a smartphone or a camera), Fedora completely freeze and logout after few second.
I receive this alert several times per hour.

Sorry but I've no more information about this problem.


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.14-300.fc27.x86_64
type:           libreport

Description of problem:
Appeared directly after initial login after boot.

Version-Release number of selected component:
selinux-policy-3.13.1-283.19.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.14-300.fc27.x86_64
type:           libreport

Description of problem:
Boot system and login.

Version-Release number of selected component:
selinux-policy-3.13.1-283.19.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.16-300.fc27.x86_64
type:           libreport

*** Bug 1544177 has been marked as a duplicate of this bug. ***

Description of problem:
Login in Gnome

Version-Release number of selected component:
selinux-policy-3.13.1-283.19.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.18-300.fc27.x86_64
type:           libreport

Description of problem:
starting an application crashed


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.16-300.fc27.x86_64
type:           libreport

If this NOTABUG, why are there so many occurrences of it here and in other duplicates?

Obviously something has gone wrong such that this file is mislabeled on so many people's systems.  Why is this and shouldn't that be fixed so that every single person running Fedora doesn't need to do a manual:

$ sudo /sbin/restorecon -v /var/lib/rpm/Basenames
Relabeled /var/lib/rpm/Basenames from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0

IOW, this is a symptom of a bug that actually needs fixing, IMHO.

Same here:

SELinux is preventing abrt-action-sav from map access on the file /var/lib/rpm/Basenames.

*****  Plugin restorecon (99.5 confidence) suggests   ************************

If you want to fix the label. 
/var/lib/rpm/Basenames default label should be rpm_var_lib_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/lib/rpm/Basenames

*****  Plugin catchall (1.49 confidence) suggests   **************************

If you believe that abrt-action-sav should be allowed map access on the Basenames file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'abrt-action-sav' --raw | audit2allow -M my-abrtactionsav
# semodule -X 300 -i my-abrtactionsav.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:var_lib_t:s0
Target Objects                /var/lib/rpm/Basenames [ file ]
Source                        abrt-action-sav
Source Path                   abrt-action-sav
Port                          <Unknown>
Host                          flatline
Source RPM Packages           
Target RPM Packages           
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     flatline
Platform                      Linux flatline 4.14.16-300.fc27.x86_64 #1 SMP Wed
                              Jan 31 19:24:27 UTC 2018 x86_64 x86_64
Alert Count                   2115
First Seen                    2018-01-27 00:23:20 PST
Last Seen                     2018-02-21 20:01:43 PST
Local ID                      64911e21-76ae-40ca-925b-c98c4072ea63

Raw Audit Messages
type=AVC msg=audit(1519272103.358:4712): avc:  denied  { map } for  pid=22857 comm="abrt-action-lis" path="/var/lib/rpm/Basenames" dev="dm-1" ino=655617 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0


Hash: abrt-action-sav,abrt_t,var_lib_t,file,map

Description of problem:
boot system

Version-Release number of selected component:
selinux-policy-3.13.1-283.19.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.6-300.fc27.x86_64
type:           libreport

Description of problem:
Core dump happened in *something*. It appears some process is resetting the SELinux context on /var/lib/rpm files. The context should be rpm_var_lib_t, but it is getting set to var_lib_t.


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.10-300.fc27.x86_64
type:           libreport

Description of problem:
Attempting to launch Shutter while a QEMU/KWM graphical console is opened and an installation process is taking place.


Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.13-300.fc27.x86_64
type:           libreport

Description of problem:
upgrade Chrome

Version-Release number of selected component:
selinux-policy-3.13.1-283.26.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.15.16-300.fc27.x86_64
type:           libreport

Happens on Fedora 28 with selinux-policy-3.14.1-19.fc28.noarch

Raw Audit Messages
type=AVC msg=audit(1523591829.185:860): avc:  denied  { map } for  pid=11438 comm="abrt-action-lis" path="/var/lib/rpm/Basenames" dev="nvme0n1p9" ino=3782544 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0

selinux-policy-3.13.1-283.32.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d3085b9774

selinux-policy-3.13.1-283.32.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d3085b9774

selinux-policy-3.13.1-283.32.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.