Description of problem: SELinux is preventing bwrap from nnp_transition, nosuid_transition access on the process2 Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If pokud jste přesvědčeni, že má bwrap mít ve výchozím stavu přístup nnp_transition nosuid_transition na Unknown process2. Then toto byste měli nahlásit jako chybu. Abyste přístup povolili, můžete vygenerovat lokální modul pravidel. Do prozatím tento přístup povolíte příkazy: # ausearch -c 'bwrap' --raw | audit2allow -M my-bwrap # semodule -X 300 -i my-bwrap.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ process2 ] Source bwrap Source Path bwrap Port <Neznámé> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-300.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.14.0-0.rc6.git0.1.fc28.x86_64 #1 SMP Mon Oct 23 16:37:45 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-10-31 13:15:49 CET Last Seen 2017-10-31 13:15:49 CET Local ID 2a536eff-a7fe-43d7-949f-768b8fd18808 Raw Audit Messages type=AVC msg=audit(1509452149.494:647): avc: denied { nnp_transition nosuid_transition } for pid=3656 comm="bwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process2 permissive=0 Hash: bwrap,unconfined_t,thumb_t,process2,nnp_transition,nosuid_transition Version-Release number of selected component: selinux-policy-3.13.1-300.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.2 hashmarkername: setroubleshoot kernel: 4.14.0-0.rc6.git0.1.fc28.x86_64 type: libreport
I don't think I had seen this with Kernel 4.13 ...
*** This bug has been marked as a duplicate of bug 1509502 ***