Description of problem: SELinux is preventing (systemd) from 'module_request' accesses on the system Unknown. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow domain to kernel load modules Then you must tell SELinux about this by enabling the 'domain_kernel_load_modules' boolean. Do setsebool -P domain_kernel_load_modules 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that (systemd) should be allowed module_request access on the Unknown system by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(systemd)' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:system_r:kernel_t:s0 Target Objects Unknown [ system ] Source (systemd) Source Path (systemd) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.28.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.16.0-rc1-amd-vega+ #10 SMP Sat Mar 17 01:56:40 +05 2018 x86_64 x86_64 Alert Count 857 First Seen 2018-03-15 19:54:58 +05 Last Seen 2018-03-17 11:26:50 +05 Local ID 9a4dd02d-24d2-4003-a92f-5e630525a75c Raw Audit Messages type=AVC msg=audit(1521268010.367:249): avc: denied { module_request } for pid=2217 comm="(systemd)" kmod=6E65746465762D05 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0 Hash: (systemd),init_t,kernel_t,system,module_request Version-Release number of selected component: selinux-policy-3.13.1-283.28.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.0-rc1-amd-vega+ type: libreport
Description of problem: occured after # dnf update Version-Release number of selected component: selinux-policy-3.13.1-283.28.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.0-rc6-mm_thp type: libreport
Description of problem: Occured again after # dnf update Mar 24 16:50:08 localhost.localdomain systemd[1]: Starting system activity accounting tool... Mar 24 16:50:08 localhost.localdomain systemd[1]: Started system activity accounting tool. Mar 24 16:50:08 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sysstat-collect comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:50:08 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sysstat-collect comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:52:47 localhost.localdomain NetworkManager[1012]: <info> [1521892367.2056] connectivity: (enp0s20u9u1u4) response shorter than expected 'OK'; assuming captive portal. Mar 24 16:53:20 localhost.localdomain org.gnome.Shell.desktop[2276]: libinput error: client bug: timer event5 debounce: offset negative (-48ms) Mar 24 16:53:31 localhost.localdomain dbus-daemon[903]: [system] Reloaded configuration Mar 24 16:53:31 localhost.localdomain dbus-daemon[903]: [system] Reloaded configuration Mar 24 16:53:31 localhost.localdomain gnome-software[2755]: failed to rescan: No valid root node specified Mar 24 16:53:31 localhost.localdomain gnome-software[2755]: failed to rescan: Failed to parse /usr/share/applications/ibus-setup-libbopomofo.desktop file: cannot process file of type application/x-desktop Mar 24 16:53:31 localhost.localdomain gnome-software[2755]: failed to rescan: Failed to parse /usr/share/applications/ibus-setup-libpinyin.desktop file: cannot process file of type application/x-desktop Mar 24 16:53:32 localhost.localdomain dbus-daemon[903]: [system] Reloaded configuration Mar 24 16:53:32 localhost.localdomain dbus-daemon[903]: [system] Reloaded configuration Mar 24 16:53:32 localhost.localdomain dbus-daemon[903]: [system] Reloaded configuration Mar 24 16:53:32 localhost.localdomain dbus-daemon[903]: [system] Reloaded configuration Mar 24 16:53:32 localhost.localdomain dbus-daemon[1431]: [session uid=42 pid=1431] Reloaded configuration Mar 24 16:53:32 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Reloaded configuration Mar 24 16:53:32 localhost.localdomain dbus-daemon[1431]: [session uid=42 pid=1431] Reloaded configuration Mar 24 16:53:32 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Reloaded configuration Mar 24 16:53:33 localhost.localdomain polkitd[950]: Reloading rules Mar 24 16:53:33 localhost.localdomain polkitd[950]: Collecting garbage unconditionally... Mar 24 16:53:33 localhost.localdomain polkitd[950]: Loading rules from directory /etc/polkit-1/rules.d Mar 24 16:53:33 localhost.localdomain polkitd[950]: Loading rules from directory /usr/share/polkit-1/rules.d Mar 24 16:53:33 localhost.localdomain polkitd[950]: Finished loading, compiling and executing 10 rules Mar 24 16:53:33 localhost.localdomain polkitd[950]: Reloading rules Mar 24 16:53:33 localhost.localdomain polkitd[950]: Collecting garbage unconditionally... Mar 24 16:53:33 localhost.localdomain polkitd[950]: Loading rules from directory /etc/polkit-1/rules.d Mar 24 16:53:33 localhost.localdomain polkitd[950]: Loading rules from directory /usr/share/polkit-1/rules.d Mar 24 16:53:33 localhost.localdomain polkitd[950]: Finished loading, compiling and executing 10 rules Mar 24 16:53:36 localhost.localdomain gnome-software[2755]: failed to rescan: No valid root node specified Mar 24 16:53:36 localhost.localdomain gnome-software[2755]: failed to rescan: Failed to parse /usr/share/applications/ibus-setup-libzhuyin.desktop file: cannot process file of type application/x-desktop Mar 24 16:53:37 localhost.localdomain PackageKit[1931]: search-file transaction /1896_dcdbcebc from uid 1000 finished with success after 321ms Mar 24 16:53:37 localhost.localdomain gnome-software[2755]: Failed to find one package for Sbis3Plugin.desktop, /usr/share/applications/Sbis3Plugin.desktop, [0] Mar 24 16:53:37 localhost.localdomain PackageKit[1931]: search-file transaction /1897_cbeddebb from uid 1000 finished with success after 20ms Mar 24 16:53:37 localhost.localdomain gnome-software[2755]: Failed to find one package for gnome-system-monitor-kde.desktop, /usr/share/applications/gnome-system-monitor-kde.desktop, [0] Mar 24 16:53:37 localhost.localdomain PackageKit[1931]: get-details transaction /1898_dcbbbaec from uid 1000 finished with success after 4ms Mar 24 16:53:38 localhost.localdomain systemd[1]: Starting dnf makecache... Mar 24 16:53:43 localhost.localdomain systemd[1]: Started /usr/bin/systemctl start man-db-cache-update. Mar 24 16:53:43 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r94528b54a6d149bc9c5549934ffc369b comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:53:43 localhost.localdomain audit[28528]: AVC avc: denied { module_request } for pid=28528 comm="systemctl" kmod="netdev-" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0 Mar 24 16:53:43 localhost.localdomain systemd[1]: cgroup compatibility translation between legacy and unified hierarchy settings activated. See cgroup-compat debug messages for details. Mar 24 16:53:43 localhost.localdomain systemd[1]: Starting man-db-cache-update.service... Mar 24 16:53:43 localhost.localdomain systemd[1]: Reloading. Mar 24 16:53:44 localhost.localdomain systemd[1]: Started /usr/bin/systemctl start man-db-cache-update. Mar 24 16:53:44 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r84edf5855ab54230bf9bf76c86122812 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:53:44 localhost.localdomain audit[28565]: AVC avc: denied { module_request } for pid=28565 comm="systemctl" kmod="netdev-" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0 Mar 24 16:53:47 localhost.localdomain dbus-daemon[903]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.26' (uid=0 pid=878 comm="/usr/sbin/sedispatch " label="system_u:system_r:audisp_t:s0") (using servicehelper) Mar 24 16:53:48 localhost.localdomain dbus-daemon[903]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd' Mar 24 16:53:48 localhost.localdomain setroubleshoot[29467]: SELinux is preventing (systemd) from module_request access on the system Unknown. For complete SELinux messages run: sealert -l 9a4dd02d-24d2-4003-a92f-5e630525a75c Mar 24 16:53:48 localhost.localdomain python3[29467]: SELinux is preventing (systemd) from module_request access on the system Unknown. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow domain to kernel load modules Then you must tell SELinux about this by enabling the 'domain_kernel_load_modules' boolean. Do setsebool -P domain_kernel_load_modules 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that (systemd) should be allowed module_request access on the Unknown system by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(systemd)' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Mar 24 16:53:48 localhost.localdomain setroubleshoot[29467]: SELinux is preventing (systemd) from module_request access on the system Unknown. For complete SELinux messages run: sealert -l 9a4dd02d-24d2-4003-a92f-5e630525a75c Mar 24 16:53:48 localhost.localdomain python3[29467]: SELinux is preventing (systemd) from module_request access on the system Unknown. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow domain to kernel load modules Then you must tell SELinux about this by enabling the 'domain_kernel_load_modules' boolean. Do setsebool -P domain_kernel_load_modules 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that (systemd) should be allowed module_request access on the Unknown system by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(systemd)' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Mar 24 16:53:53 localhost.localdomain systemd[1]: Started man-db-cache-update.service. Mar 24 16:53:53 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:53:53 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:53:53 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r94528b54a6d149bc9c5549934ffc369b comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:53:53 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r94528b54a6d149bc9c5549934ffc369b comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:53:53 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r84edf5855ab54230bf9bf76c86122812 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:53:53 localhost.localdomain dnf[28467]: Last metadata expiration check: 0:00:00 ago on Sat 24 Mar 2018 04:53:53 PM +05. Mar 24 16:53:53 localhost.localdomain dnf[28467]: Metadata cache created. Mar 24 16:53:53 localhost.localdomain systemd[1]: Started dnf makecache. Mar 24 16:53:53 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:53:53 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.gnome.ControlCenter.SearchProvider' requested by ':1.17' (uid=1000 pid=2276 comm="/usr/bin/gnome-shell " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.gnome.Contacts.SearchProvider' requested by ':1.17' (uid=1000 pid=2276 comm="/usr/bin/gnome-shell " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.gnome.Documents' requested by ':1.17' (uid=1000 pid=2276 comm="/usr/bin/gnome-shell " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.gnome.Nautilus' requested by ':1.17' (uid=1000 pid=2276 comm="/usr/bin/gnome-shell " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.gnome.Boxes.SearchProvider' requested by ':1.17' (uid=1000 pid=2276 comm="/usr/bin/gnome-shell " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.gnome.Calculator.SearchProvider' requested by ':1.17' (uid=1000 pid=2276 comm="/usr/bin/gnome-shell " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.gnome.Calendar' requested by ':1.17' (uid=1000 pid=2276 comm="/usr/bin/gnome-shell " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.gnome.clocks' requested by ':1.17' (uid=1000 pid=2276 comm="/usr/bin/gnome-shell " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.gnome.Calculator.SearchProvider' Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.gnome.Boxes.SearchProvider' Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.gnome.ControlCenter.SearchProvider' Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.gnome.Nautilus' Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.gnome.clocks' Mar 24 16:54:06 localhost.localdomain nautilus[31547]: Init Stock Icons Mar 24 16:54:06 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.gnome.Documents' Mar 24 16:54:07 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.gnome.Calendar' Mar 24 16:54:07 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.gnome.Contacts.SearchProvider' Mar 24 16:54:07 localhost.localdomain gnome-contacts-[31543]: contacts-store.vala:334: Unable to check accounts caps The name org.freedesktop.Telepathy.AccountManager was not provided by any .service files Mar 24 16:54:07 localhost.localdomain gnome-contacts-[31543]: backend-store.vala:434: Error preparing Backend 'telepathy': The name org.freedesktop.Telepathy.AccountManager was not provided by any .service files Mar 24 16:54:07 localhost.localdomain gnome-keyring-daemon[2175]: asked to register item /org/freedesktop/secrets/collection/login/514, but it's already registered Mar 24 16:54:08 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.1508' (uid=1000 pid=31709 comm="/usr/bin/python3 -Es /usr/bin/sealert -b " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") Mar 24 16:54:09 localhost.localdomain dbus-daemon[2189]: [session uid=1000 pid=2189] Successfully activated service 'org.fedoraproject.Setroubleshootd' Mar 24 16:54:10 localhost.localdomain dbus-daemon[903]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.157' (uid=1000 pid=31731 comm="/usr/bin/python3 -Es /usr/bin/sealert -s " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") (using servicehelper) Mar 24 16:54:10 localhost.localdomain dbus-daemon[903]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd' Mar 24 16:54:11 localhost.localdomain sealert[31731]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Mar 24 16:54:11 localhost.localdomain sealert[31731]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Mar 24 16:54:17 localhost.localdomain sealert[31731]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Mar 24 16:54:17 localhost.localdomain sealert[31731]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Mar 24 16:54:24 localhost.localdomain sealert[31731]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Mar 24 16:54:24 localhost.localdomain sealert[31731]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Version-Release number of selected component: selinux-policy-3.13.1-283.28.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.0-rc6 type: libreport
selinux-policy-3.13.1-283.29.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-ad9976b6a2
selinux-policy-3.13.1-283.29.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-ad9976b6a2
selinux-policy-3.13.1-283.29.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.