Description of problem: SELinux is preventing tlp from 'write' accesses on the Datei lock_tlp. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that tlp should be allowed write access on the lock_tlp file by default. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'tlp' --raw | audit2allow -M my-tlp # semodule -X 300 -i my-tlp.pp Additional Information: Source Context system_u:system_r:tlp_t:s0 Target Context system_u:object_r:var_run_t:s0 Target Objects lock_tlp [ file ] Source tlp Source Path tlp Port <Unbekannt> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.1-18.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.16.0-0.rc6.git0.2.fc28.x86_64 #1 SMP Mon Mar 19 17:05:43 UTC 2018 x86_64 x86_64 Alert Count 4 First Seen 2018-03-30 12:21:11 CEST Last Seen 2018-03-30 13:58:43 CEST Local ID e9990398-625a-456d-a9db-325a19a9c678 Raw Audit Messages type=AVC msg=audit(1522411123.593:270): avc: denied { write } for pid=5476 comm="tlp" name="lock_tlp" dev="tmpfs" ino=32986 scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0 Hash: tlp,tlp_t,var_run_t,file,write Version-Release number of selected component: selinux-policy-3.14.1-18.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.4 hashmarkername: setroubleshoot kernel: 4.16.0-0.rc6.git0.2.fc28.x86_64 type: libreport Potential duplicate: bug 1510249
Hi, Please update selinux-policy package, it should fix our issue. THanks, Lukas.
Description of problem: Happens upon login to Gnome Version-Release number of selected component: selinux-policy-3.14.1-24.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.16.9-300.fc28.x86_64 type: libreport
Description of problem: On Fedora 28 KDE login, battery management app tlp not allowed to write Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.16.14-300.fc28.x86_64 type: libreport
Description of problem: Boot the system. Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.0 type: libreport
selinux-policy-3.14.1-32.fc28.noarch will have the same problem, so in which version will it fixed?
Not solved in selinux-policy-3.14.1-32.fc28.noarch
Description of problem: restorecon -Rv /var/tlp does not help Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.5-200.fc28.x86_64 type: libreport
Description of problem: Normal operations. WOrking in Chrome, IntelliJ IDEA. Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.7-200.fc28.x86_64 type: libreport
Description of problem: each time it's notified with Selinux Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.7-200.fc28.x86_64 type: libreport
selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 1609576 has been marked as a duplicate of this bug. ***
Description of problem: Running on Dell XPS 9560, I didn't really do actually anything. I booted up as usual, plugged in a USB HD, ejected the HD and then the SELinux alert appear a good few minutes after this... Long enough for me to assume that the HD removal was not linked. Version-Release number of selected component: selinux-policy-3.14.1-36.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.9-200.fc28.x86_64 type: libreport
Description of problem: Not sure. Version-Release number of selected component: selinux-policy-3.14.1-37.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.11-200.fc28.x86_64 type: libreport
same problem here with hp 640 g1
Description of problem: just enabled tlp Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.14-202.fc28.x86_64 type: libreport
Description of problem: TLP appears to be creating its lock file with an incorrect contexts scontext=system_u:system_r:tlp_t:s0 tcontext=system_u:object_r:var_lib_t:s0 Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.16.16-200.fc27.x86_64 type: libreport
Description of problem: tlp service starts up Version-Release number of selected component: selinux-policy-3.14.1-40.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.19-200.fc28.x86_64 type: libreport
Description of problem: Not sure what causes it but it seems to be fair to allow tlp to access its own file. At least lock_tlp sounds like it does belong to tlp. Version-Release number of selected component: selinux-policy-3.14.1-47.fc28.noarch Additional info: reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.18.16-200.fc28.x86_64 type: libreport