Description of problem:
SELinux alerts on RPM updates due to incorrect SELinux label on /etc/ld.so.cache

Version-Release number of selected component (if applicable):
Target RPM Packages           glibc-2.26-26.fc27.x86_64
Policy RPM                    selinux-policy-3.13.1-283.26.fc27.noarch

How reproducible:
Not confident on what changed the label during the update

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:
No SELinux label errors

Additional info:

***** Plugin catchall_labels (5.21 confidence) suggests *******************

If you want to allow hostname to have map access on the ld.so.cache file
Then you need to change the label on /etc/ld.so.cache
Do
# semanage fcontext -a -t FILE_TYPE '/etc/ld.so.cache'
where FILE_TYPE is one of the following: fonts_cache_t, fonts_t, hostname_exec_t, ld_so_cache_t, ld_so_t, lib_t, locale_t, prelink_exec_t, textrel_shlib_t.
Then execute:
restorecon -v '/etc/ld.so.cache'

***** Plugin catchall (1.44 confidence) suggests **************************

If you believe that hostname should be allowed map access on the ld.so.cache file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'hostname' --raw | audit2allow -M my-hostname
# semodule -X 300 -i my-hostname.pp

Additional Information:
Source Context                system_u:system_r:hostname_t:s0
Target Context                system_u:object_r:etc_t:s0
Target Objects                /etc/ld.so.cache [ file ]
Source                        hostname
Source Path                   hostname
Port                          <Unknown>
Host                          dakar.sghosh.org
Source RPM Packages
Target RPM Packages           glibc-2.26-26.fc27.x86_64
Policy RPM                    selinux-policy-3.13.1-283.26.fc27.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     xxxx
Platform                      Linux xxxx 4.15.7-300.fc27.x86_64 #1 SMP Wed Feb 28 17:53:39 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2018-03-12 19:34:13 EDT
Last Seen                     2018-03-12 19:34:13 EDT
Local ID                      a29f17c5-e2ce-4765-be80-3a1baebdd5a7

Raw Audit Messages
type=AVC msg=audit(1520897653.83:385): avc: denied { map } for pid=9657 comm="hostname" path="/etc/ld.so.cache" dev="dm-1" ino=100664933 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0

Hash: hostname,hostname_t,etc_t,file,map

*** This bug has been marked as a duplicate of bug 1543153 ***
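
The following added example (not part of the report and not setroubleshoot's own code) parses the raw AVC record quoted above and decides whether the denial comes from a mislabeled target file, in which case relabeling with restorecon is the fix rather than a local audit2allow module. The EXPECTED_TYPE table and the function names are assumptions made for the example; on a live host the expected type comes from matchpathcon.

```python
import re

# Expected file type per path. Assumption for this example: ld_so_cache_t is the
# type the targeted policy assigns; on a live host ask `matchpathcon <path>`.
EXPECTED_TYPE = {"/etc/ld.so.cache": "ld_so_cache_t"}

# Raw AVC record quoted from the report above.
SAMPLE = (
    'type=AVC msg=audit(1520897653.83:385): avc: denied { map } for pid=9657 '
    'comm="hostname" path="/etc/ld.so.cache" dev="dm-1" ino=100664933 '
    'scontext=system_u:system_r:hostname_t:s0 '
    'tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0'
)

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')                  # key=value or key="value"
VERDICT = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not an AVC."""
    m = VERDICT.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV.findall(line)}
    rec["result"] = m.group(1)
    rec["perms"] = m.group(2).split()
    return rec

def context_type(ctx):
    """Type field of a user:role:type:level security context."""
    return ctx.split(":")[2]

def triage(line):
    """Classify a denial as a labeling problem or a policy question."""
    rec = parse_avc(line)
    if rec is None or rec["result"] != "denied":
        return None
    path = rec.get("path")
    actual = context_type(rec["tcontext"])
    expected = EXPECTED_TYPE.get(path)
    if expected and actual != expected:
        # Relabel the file: a local allow rule would instead grant the source
        # domain the permission on every file carrying the wrong, broader type.
        verdict, action = "mislabeled", f"restorecon -v '{path}'"
    else:
        verdict, action = "policy", "label is as expected; review the policy rule"
    return {"source": context_type(rec["scontext"]), "perms": rec["perms"],
            "path": path, "actual": actual, "expected": expected,
            "verdict": verdict, "action": action}

if __name__ == "__main__":
    print(triage(SAMPLE))
```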