Description of problem: SELinux is preventing hostname from 'map' accesses on the file /etc/ld.so.cache. ***** Plugin restorecon (94.8 confidence) suggests ************************ If you want to fix the label. /etc/ld.so.cache default label should be ld_so_cache_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /etc/ld.so.cache ***** Plugin catchall_labels (5.21 confidence) suggests ******************* If you want to allow hostname to have map access on the ld.so.cache file Then you need to change the label on /etc/ld.so.cache Do # semanage fcontext -a -t FILE_TYPE '/etc/ld.so.cache' where FILE_TYPE is one of the following: fonts_cache_t, fonts_t, hostname_exec_t, ld_so_cache_t, ld_so_t, lib_t, locale_t, prelink_exec_t, textrel_shlib_t. Then execute: restorecon -v '/etc/ld.so.cache' ***** Plugin catchall (1.44 confidence) suggests ************************** If you believe that hostname should be allowed map access on the ld.so.cache file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'hostname' --raw | audit2allow -M my-hostname # semodule -X 300 -i my-hostname.pp Additional Information: Source Context system_u:system_r:hostname_t:s0 Target Context system_u:object_r:etc_t:s0 Target Objects /etc/ld.so.cache [ file ] Source hostname Source Path hostname Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages glibc-2.26-24.fc27.x86_64 glibc-2.26-24.fc27.i686 Policy RPM selinux-policy-3.13.1-283.21.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.14.14-300.fc27.x86_64 #1 SMP Fri Jan 19 13:19:54 UTC 2018 x86_64 x86_64 Alert Count 3 First Seen 2018-01-27 00:18:10 IST Last Seen 2018-01-27 00:18:14 IST Local ID 96016c24-2ee8-4c69-b059-b8848b5b7a33 Raw Audit Messages type=AVC msg=audit(1516992494.502:191): avc: denied { map } for pid=1448 comm="hostname" path="/etc/ld.so.cache" dev="dm-0" ino=919604 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 Hash: hostname,hostname_t,etc_t,file,map Version-Release number of selected component: selinux-policy-3.13.1-283.21.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.16-300.fc27.x86_64 type: libreport Potential duplicate: bug 1482360
Hello, Same here, running fc27 in a virtualbox VM. I found a workaround after reading this bugzilla entry: https://bugzilla.redhat.com/show_bug.cgi?id=1513806 I added a ExecStartPost entry in the following systemd service: [root@fedora_test /]# cat /etc/systemd/system/multi-user.target.wants/vboxadd ... ExecStart=/opt/VBoxGuestAdditions-5.1.14/init/vboxadd start ExecStartPost=/usr/sbin/restorecon -v /etc/ld.so.cache ExecStop=/opt/VBoxGuestAdditions-5.1.14/init/vboxadd stop The context of /etc/ld.so.cache is now OK after the reboot: [root@fedora_test /]# ls -Z /etc/ld.so.cache system_u:object_r:ld_so_cache_t:s0 /etc/ld.so.cache Imho, it's a VirtualBox issue, not a fedora one.
*** Bug 1553348 has been marked as a duplicate of this bug. ***
Description of problem: Just updated the OS with the latest updates. Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport
Description of problem: abrt keeps popping this alert Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.6-300.fc27.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1513806 ***