Description of problem:
When httpd is configured to read an SSL private key password at startup, I get an AVC when starting the service. The password is read correctly and the service starts correctly so this appears benign.

httpd gets a password by running:

  exec /bin/systemd-ask-password "Enter SSL pass phrase for $1 ($2) : "

... could be we are spawning this child wrong httpd side so let me know if so.

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-283.17.fc27.noarch

How reproducible:
always

Steps to Reproduce:
1. systemctl stop httpd
2. openssl req -x509 -outform PEM -subj /CN=localhost -passout pass:foobar -out /etc/pki/tls/certs/localhost.crt -keyout /etc/pki/tls/private/localhost.key
3. systemctl start httpd

Actual results:
type=AVC msg=audit(1512550071.842:310): avc: denied { search } for pid=5531 comm="systemd-ask-pas" name="1" dev="proc" ino=12904 scontext=system_u:system_r:httpd_passwd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=0

Expected results:
no AVC

Additional info:
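For triage, the AVC record above can be broken into its fields and reduced to the type-enforcement rule it corresponds to, in the same notation audit2allow prints. This is an added example, not part of the original report or of selinux-policy; the function names are hypothetical and the second log record is constructed to show how denials for the same type pair are merged.

```python
import re
from collections import defaultdict

# First record: the AVC from this report. Second record: constructed for
# this example to show how denials for the same type pair are merged.
SAMPLE_LOG = '''\
type=AVC msg=audit(1512550071.842:310): avc: denied { search } for pid=5531 comm="systemd-ask-pas" name="1" dev="proc" ino=12904 scontext=system_u:system_r:httpd_passwd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1512550071.843:311): avc: denied { getattr } for pid=5531 comm="systemd-ask-pas" name="1" dev="proc" ino=12904 scontext=system_u:system_r:httpd_passwd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=0
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("scontext", "tcontext", "tclass")


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    if any(k not in rec for k in REQUIRED):
        return None
    rec["perms"] = m.group(1).split()
    # A context is user:role:type[:level]; the level may itself contain
    # colons (e.g. s0:c1,c2), so take the third field rather than the last.
    for key in ("scontext", "tcontext"):
        parts = rec[key].split(":")
        if len(parts) < 3:
            return None
        rec[key + "_type"] = parts[2]
    return rec


def candidate_rules(log_text):
    """Merge denials per (source type, target type, class) into TE rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["scontext_type"], rec["tcontext_type"], rec["tclass"])
            merged[key].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        ordered = sorted(perms)
        body = ordered[0] if len(ordered) == 1 else "{ " + " ".join(ordered) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG):
        print(rule)
```

The derived rule shows which domain was denied what; in this bug the resolution shipped in the selinux-policy update noted below rather than as a local policy module.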
selinux-policy-3.13.1-283.21.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4
selinux-policy-3.13.1-283.21.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4
selinux-policy-3.13.1-283.21.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.