Description of problem: type=AVC msg=audit(1506217506.146:8341): avc: denied { sendto } for pid=1183 comm="chronyd" path="/run/chrony/chronyc.13933.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=1 type=AVC msg=audit(1506217805.812:9341): avc: denied { sendto } for pid=1183 comm="chronyd" path="/run/chrony/chronyc.17604.sock" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=1 require { type chronyd_t; type system_cronjob_t; class unix_dgram_socket sendto; } #============= chronyd_t ============== allow chronyd_t system_cronjob_t:unix_dgram_socket sendto; Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.
selinux-policy-3.14.1-42.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1b09d217
selinux-policy-3.14.1-42.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1b09d217
selinux-policy-3.14.1-42.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.