Description of problem:
Stand-alone Sophos antivirus is installed.

SELinux is preventing abrt-action-sav from 'write' accesses on the file /var/lib/rpm/.dbenv.lock.

***** Plugin restorecon (99.5 confidence) suggests ************************

If you want to fix the label.
/var/lib/rpm/.dbenv.lock default label should be rpm_var_lib_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/lib/rpm/.dbenv.lock

***** Plugin catchall (1.49 confidence) suggests **************************

If you believe that abrt-action-sav should be allowed write access on the .dbenv.lock file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'abrt-action-sav' --raw | audit2allow -M my-abrtactionsav
# semodule -X 300 -i my-abrtactionsav.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:var_lib_t:s0
Target Objects                /var/lib/rpm/.dbenv.lock [ file ]
Source                        abrt-action-sav
Source Path                   abrt-action-sav
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.16.2-300.fc28.x86_64 #1 SMP Thu Apr 12 14:58:07 UTC 2018 x86_64 x86_64
Alert Count                   144
First Seen                    2018-04-21 22:36:30 CEST
Last Seen                     2018-04-21 22:36:34 CEST
Local ID                      8f5ad15e-0d67-4380-9363-20152a41f300

Raw Audit Messages
type=AVC msg=audit(1524342994.48:1304): avc: denied { write } for pid=16795 comm="abrt-action-lis" name=".dbenv.lock" dev="dm-0" ino=917697 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0

Hash: abrt-action-sav,abrt_t,var_lib_t,file,write

Additional info:
component: selinux-policy
reporter: libreport-2.9.4
hashmarkername: setroubleshoot
kernel: 4.16.2-300.fc28.x86_64
type: libreport

Potential duplicate: bug 1209244
Description of problem:
sav (Sophos antivirus)
Additional info:
reporter: libreport-2.9.4
hashmarkername: setroubleshoot
kernel: 4.16.2-300.fc28.x86_64
type: libreport

Description of problem:
Occurred along with the use of Firefox.
Additional info:
reporter: libreport-2.9.4
hashmarkername: setroubleshoot
kernel: 4.16.2-300.fc28.x86_64
type: libreport

Description of problem:
I get this error message after I boot my laptop. I don't know why it happens.
Additional info:
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.16.5-300.fc28.x86_64
type: libreport
selinux-policy-3.14.1-25.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d19ffdb4ba
selinux-policy-3.14.1-25.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d19ffdb4ba
selinux-policy-3.14.1-25.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Description of problem:
Running kernel tests suite.
Additional info:
reporter: libreport-2.9.5
hashmarkername: setroubleshoot
kernel: 4.17.0-200.fc28.x86_64
type: libreport
abrt-action-sav /var/lib/rpm/.dbenv.lock

LANG=C dnf info selinux-policy
Last metadata expiration check: 0:23:33 ago on Thu Nov 1 10:17:16 2018.
Installed Packages
Name         : selinux-policy
Version      : 3.14.2
Release      : 40.fc29
Arch         : noarch
Size         : 24 k
Source       : selinux-policy-3.14.2-40.fc29.src.rpm
Repo         : @System
Summary      : SELinux policy configuration
URL          : %{git0-base}
License      : GPLv2+
Description  : SELinux Base package for SELinux Reference Policy - modular.
             : Based off of reference policy: Checked out revision 2.20091117
I see 3.14.1 being most recent, and I still have the bug

LANG=C dnf --enablerepo=updates-testing info selinux-policy
Last metadata expiration check: 0:00:00 ago on Mon Nov 19 09:12:10 2018.
Installed Packages
Name         : selinux-policy
Version      : 3.14.1
Release      : 48.fc28
Arch         : noarch
Size         : 24 k
Source       : selinux-policy-3.14.1-48.fc28.src.rpm
Repo         : @System
From repo    : updates
Summary      : SELinux policy configuration
URL          : %{git0-base}
License      : GPLv2+
Description  : SELinux Base package for SELinux Reference Policy - modular.
             : Based off of reference policy: Checked out revision 2.20091117
I see the bug on F29 too - during startup for example.

SELinux is preventing abrt-action-sav from write access on the file /var/lib/rpm/.dbenv.lock.

***** Plugin restorecon (99.5 confidence) suggests ************************

If you want to fix the label.
/var/lib/rpm/.dbenv.lock default label should be rpm_var_lib_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/lib/rpm/.dbenv.lock

***** Plugin catchall (1.49 confidence) suggests **************************

If you believe that abrt-action-sav should be allowed write access on the .dbenv.lock file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'abrt-action-sav' --raw | audit2allow -M my-abrtactionsav
# semodule -X 300 -i my-abrtactionsav.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:var_lib_t:s0
Target Objects                /var/lib/rpm/.dbenv.lock [ file ]
Source                        abrt-action-sav
Source Path                   abrt-action-sav
Port                          <Unknown>
Host                          unused-4-162-brq-redhat-com
Source RPM Packages
Target RPM Packages
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     unused-4-162-brq-redhat-com
Platform                      Linux unused-4-162-brq-redhat-com 4.20.14-200.fc29.x86_64 #1 SMP Tue Mar 5 19:55:32 UTC 2019 x86_64 x86_64
Alert Count                   326
First Seen                    2019-03-12 08:49:58 CET
Last Seen                     2019-03-12 19:08:03 CET
Local ID                      eec7ee50-97d3-4af2-9479-79c6f459ce2e

Raw Audit Messages
type=AVC msg=audit(1552414083.604:2246): avc: denied { write } for pid=14895 comm="abrt-action-lis" name=".dbenv.lock" dev="dm-1" ino=2761231 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0

Hash: abrt-action-sav,abrt_t,var_lib_t,file,write

It seems it will need more investigating, I'm reopening the issue.
Shotwell just crashed. I'm getting this message by the truckload trying to report the crash. I tried running restorecon -R -v /var and the messages stopped coming. I'm not sure if that's because whatever problem had run its course, or because something was labeled wrong and restorecon finally got it. Here's what seems to be the relevant part of what restorecon did:

Relabeled /var/lib/rpm from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/__db.001 from system_u:object_r:var_lib_t:s0 to system_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Sigmd5 from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Name from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Suggestname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Triggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Supplementname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/__db.002 from system_u:object_r:var_lib_t:s0 to system_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Obsoletename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Requirename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Sha1header from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Basenames from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Dirnames from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Installtid from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Group from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/__db.003 from system_u:object_r:var_lib_t:s0 to system_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Filetriggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Packages from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Conflictname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Transfiletriggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Providename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/.dbenv.lock from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Recommendname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/.rpm.lock from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
Relabeled /var/lib/rpm/Enhancename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0
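
Added example (not part of the bug thread, and not setroubleshoot's own code): a small triage of the AVC record quoted above, deciding whether the denial points at a mislabeled file, where relabeling is the fix, or at a missing policy rule, where the audit2allow route would be considered. The `DEFAULT_TYPES` table and all function names are assumptions for illustration; the default type is the one restorecon reported in this thread.

```python
import re

# AVC record quoted from the F29 report in this thread (whitespace normalised).
SAMPLE_AVC = (
    'type=AVC msg=audit(1552414083.604:2246): avc: denied { write } for '
    'pid=14895 comm="abrt-action-lis" name=".dbenv.lock" dev="dm-1" ino=2761231 '
    'scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0'
)

# Assumption: default type per path prefix, taken from the restorecon output
# in this thread. On a live system ask `matchpathcon <path>` instead.
DEFAULT_TYPES = {"/var/lib/rpm": "rpm_var_lib_t"}


def parse_avc(line):
    """Split one AVC denial into its key=value fields plus the denied perms."""
    denied = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if denied is None:
        raise ValueError("not an AVC denial record")
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    fields["perms"] = denied.group(1).split()
    return fields


def context_type(context):
    """Return the type field of user:role:type:level (level may hold colons)."""
    return context.split(":")[2]


def expected_type(path):
    """Longest-prefix lookup in DEFAULT_TYPES; None when the path is unknown."""
    hits = [p for p in DEFAULT_TYPES if path == p or path.startswith(p + "/")]
    return DEFAULT_TYPES[max(hits, key=len)] if hits else None


def triage(avc_line, target_path):
    """'relabel': file carries a non-default type; 'policy': label is the
    default and the rule is missing; 'unknown': no default type on record."""
    actual = context_type(parse_avc(avc_line)["tcontext"])
    wanted = expected_type(target_path)
    if wanted is None:
        return ("unknown", actual, None)
    return ("relabel" if actual != wanted else "policy", actual, wanted)


if __name__ == "__main__":
    # The AVC record carries only name=; the path is the report's Target Objects.
    print(triage(SAMPLE_AVC, "/var/lib/rpm/.dbenv.lock"))
```

A "relabel" verdict corresponds to the restorecon plugin's suggestion in the report; loading a local module for a mislabeled file would grant abrt_t write access to everything typed var_lib_t rather than fixing the label.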
This message is a reminder that Fedora 28 is nearing its end of life. On 2019-May-28 Fedora will stop maintaining and issuing updates for Fedora 28. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '28'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 28 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 28 changed to end-of-life (EOL) status on 2019-05-28. Fedora 28 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.