Description of problem: Running ExpressVPN on Fedora 27. These alerts happen pretty frequently, but I haven't identified any particular action I'm taking that triggers them. Problem is occurring with NetworkManager, chronyd, sssd, and systemd-resolve source processes, always targeting expressvpn/resolv.conf and always trying to open, read, or getattr. SELinux is preventing NetworkManager from 'open' accesses on the file /var/lib/expressvpn/resolv.conf. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that NetworkManager should be allowed open access on the resolv.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'NetworkManager' --raw | audit2allow -M my-NetworkManager # semodule -X 300 -i my-NetworkManager.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:object_r:var_lib_t:s0 Target Objects /var/lib/expressvpn/resolv.conf [ file ] Source NetworkManager Source Path NetworkManager Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.24.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.14.18-300.fc27.x86_64 #1 SMP Thu Feb 8 01:35:31 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-02-15 09:19:04 PST Last Seen 2018-02-15 09:19:04 PST Local ID 5de2505c-8b51-4d9c-8909-bbcaeb2bd43c Raw Audit Messages type=AVC msg=audit(1518715144.432:876): avc: denied { open } for pid=1232 comm="NetworkManager" path="/var/lib/expressvpn/resolv.conf" dev="dm-1" ino=525227 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0 Hash: NetworkManager,NetworkManager_t,var_lib_t,file,open Version-Release number of selected component: selinux-policy-3.13.1-283.24.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.18-300.fc27.x86_64 type: libreport
Hi, Express vpn is 3rd party package, I don't have access to reproduce it, but this should fix it on your system: # semanage fcontext -a -t net_conf_t /var/lib/expressvpn/resolv.conf # restorecon -Rv /var/lib/expressvpn Lukas.