Description of problem: SELinux is preventing rm from 'remove_name' accesses on the directory .deliver_lock. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that rm should be allowed remove_name access on the .deliver_lock directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rm' --raw | audit2allow -M my-rm # semodule -X 300 -i my-rm.pp Additional Information: Source Context system_u:system_r:fsdaemon_t:s0 Target Context system_u:object_r:mail_home_rw_t:s0 Target Objects .deliver_lock [ dir ] Source rm Source Path rm Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.34.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.16.11-200.fc27.x86_64 #1 SMP Tue May 22 18:36:25 UTC 2018 x86_64 x86_64 Alert Count 427 First Seen 2016-07-25 15:50:38 AST Last Seen 2018-05-27 17:26:03 AST Local ID 6786cd69-a377-4cff-8c7a-cb1836d4e0ed Raw Audit Messages type=AVC msg=audit(1527456363.979:243): avc: denied { remove_name } for pid=6759 comm="dotlockfile" name=".deliver_lock" dev="sda2" ino=1703959 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:mail_home_rw_t:s0 tclass=dir permissive=1 Hash: rm,fsdaemon_t,mail_home_rw_t,dir,remove_name Version-Release number of selected component: selinux-policy-3.13.1-283.34.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.16.11-200.fc27.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1582701 ***
*** Bug 1591380 has been marked as a duplicate of this bug. ***