Description of problem: SELinux is preventing systemd from 'write' accesses on the sock_file virtlogd-sock. ***** Plugin catchall (100. confidence) suggests ************************** Si vous pensez que systemd devrait être autorisé à accéder write sur virtlogd-sock sock_file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "systemd" --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:virtlogd_var_run_t:s0 Target Objects virtlogd-sock [ sock_file ] Source systemd Source Path systemd Port <Inconnu> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.1-3.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.15.0-1.fc28.x86_64 #1 SMP Mon Jan 29 10:12:16 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-01-30 16:59:09 CET Last Seen 2018-01-30 16:59:09 CET Local ID 040e1946-3f93-4fa8-b0ad-d81dc05da868 Raw Audit Messages type=AVC msg=audit(1517327949.671:131): avc: denied { write } for pid=1 comm="systemd" name="virtlogd-sock" dev="tmpfs" ino=25085 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:virtlogd_var_run_t:s0 tclass=sock_file permissive=0 Hash: systemd,init_t,virtlogd_var_run_t,sock_file,write Version-Release number of selected component: selinux-policy-3.14.1-3.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.0-1.fc28.x86_64 type: libreport
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.
Nicolas, Do you know when this happened? Are you able to reproduce it? THanks, Lukas.
unfortunately, no, this system only serves as client to other stuff, so apart from updating it continuously to rawhide and accessing other things in firefox/evolution/ssh nothing much happens on it I just reported the alerts that had accumulated over the past weeks
Description of problem: After full update to devel relabel and reboot Version-Release number of selected component: selinux-policy-3.14.1-10.fc28.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.0-0.rc3.git0.1.fc28.x86_64 type: libreport
Description of problem: It appeared just after an update from F27 to F28 using GNOME software on Fedora Workstation inside a KVM virtual machine. Version-Release number of selected component: selinux-policy-3.14.1-10.fc28.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.0-0.rc3.git0.1.fc28.x86_64 type: libreport
SELinux is preventing systemd from write access on the sock_file virtlogd-sock. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd should be allowed write access on the virtlogd-sock sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:virtlogd_var_run_t:s0 Target Objects virtlogd-sock [ sock_file ] Source systemd Source Path systemd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.16.0-0.rc3.git0.1.fc28.x86_64 #1 SMP Mon Feb 26 15:15:43 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-03-04 11:37:21 IST Last Seen 2018-03-04 11:37:21 IST Local ID c6e3ee65-e5f4-4ac6-bea6-cdcf00f067a5 Raw Audit Messages type=AVC msg=audit(1520156241.170:106): avc: denied { write } for pid=1 comm="systemd" name="virtlogd-sock" dev="tmpfs" ino=24047 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:virtlogd_var_run_t:s0 tclass=sock_file permissive=0 Hash: systemd,init_t,virtlogd_var_run_t,sock_file,write Version: selinux-policy-3.14.1-10.fc28.noarch selinux-policy-targeted-3.14.1-10.fc28.noarch
*** Bug 1551579 has been marked as a duplicate of this bug. ***
*** Bug 1551581 has been marked as a duplicate of this bug. ***
Description of problem: Error poped up without any action done. Just right after the login on the desktop Version-Release number of selected component: selinux-policy-3.14.1-10.fc28.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.0-0.rc3.git0.1.fc28.x86_64 type: libreport
Description of problem: This appeared after a system upgrade from a fully working Fedora 27 to Fedora 28. Version-Release number of selected component: selinux-policy-3.14.1-10.fc28.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.0-0.rc3.git0.1.fc28.x86_64 type: libreport
Not reproducible in: selinux-policy-targeted-3.14.1-11.fc28.noarch selinux-policy-3.14.1-11.fc28.noarch kernel-4.16.0-0.rc4.git0.1.fc28.x86_64
selinux-policy-3.14.1-13.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc
selinux-policy-3.14.1-13.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc
selinux-policy-3.14.1-14.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc
selinux-policy-3.14.1-14.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-59cbf1effc
selinux-policy-3.14.1-14.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.