Description of problem: On an up-to date rawhide system, after full relabel and another reboot just to be sure SELinux is preventing (uetoothd) from 'mounton' accesses on the fichier /run/systemd/unit-root/proc/kcore. ***** Plugin catchall (100. confidence) suggests ************************** Si vous pensez que (uetoothd) devrait être autorisé à accéder mounton sur kcore file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "(uetoothd)" --raw | audit2allow -M my-uetoothd # semodule -X 300 -i my-uetoothd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:proc_kcore_t:s0 Target Objects /run/systemd/unit-root/proc/kcore [ file ] Source (uetoothd) Source Path (uetoothd) Port <Inconnu> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.2-26.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.18.0-0.rc2.git3.1.fc29.x86_64 #1 SMP Thu Jun 28 15:41:46 UTC 2018 x86_64 x86_64 Alert Count 9 First Seen 2018-06-30 10:54:26 CEST Last Seen 2018-06-30 10:58:33 CEST Local ID a9989424-f634-41e2-a648-ddc6f55f7b10 Raw Audit Messages type=AVC msg=audit(1530349113.405:290): avc: denied { mounton } for pid=2566 comm="(fprintd)" path="/run/systemd/unit-root/proc/kcore" dev="proc" ino=4026532046 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file permissive=1 Hash: (uetoothd),init_t,proc_kcore_t,file,mounton Version-Release number of selected component: selinux-policy-3.14.2-26.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.18.0-0.rc2.git3.1.fc29.x86_64 type: libreport
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'.
selinux-policy-3.14.2-34.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-db240a1726
selinux-policy-3.14.2-34.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.