Description of problem: Tried to sudo -u root cat .bashrc >>/home/autopsy/.bashrc Then I got the AVC SELinux Denial Window. SELinux is preventing mv from 'associate' accesses on the filesystem null. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that mv should be allowed associate access on the null filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'mv' --raw | audit2allow -M my-mv # semodule -X 300 -i my-mv.pp Additional Information: Source Context unconfined_u:object_r:admin_home_t:s0 Target Context system_u:object_r:device_t:s0 Target Objects null [ filesystem ] Source mv Source Path mv Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.30.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.15.17-300.fc27.x86_64 #1 SMP Thu Apr 12 18:19:17 UTC 2018 x86_64 Alert Count 3 First Seen 2018-04-27 01:56:27 MST Last Seen 2018-04-27 01:57:11 MST Local ID 09a4c251-5f23-4fcf-bcd1-a7f1ab5ad4a9 Raw Audit Messages type=AVC msg=audit(1524819431.422:1968): avc: denied { associate } for pid=4380 comm="mv" name="null" scontext=unconfined_u:object_r:admin_home_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=0 Hash: mv,admin_home_t,device_t,filesystem,associate Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.7-200.fc27.x86_64 type: libreport
My /home/autopsy user is in the wheel group and the directory permissions are rwx------ /home/autopsy
Description of problem: Not sure how this occurred this time. I was editing a file in /root/hostname.txt with vim editor and closed and saved it. Then I saw the bug reporting window and SELinux denial. Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.7-200.fc27.x86_64 type: libreport
Description of problem: I was running dnf --releasever=28 upgrade fedora-repos-28-2.noarch in lilyterm and with another ROXterm open. I wonder if it's got to do with lilyterm actually. What is this mv on filesystem null? Version-Release number of selected component: selinux-policy-3.13.1-283.30.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.7-200.fc27.x86_64 type: libreport
Hi, This is weird SELinux denial, are you able to reproduce it? Thanks, Lukas.
No I can't repproduce. I haven't seen it again since those last times. I may have updated packages which don't exhibit this behavior.
Let's close it. If you'll able to reproduce it, feel free to re-open this BZ.