Description of problem: restorecon only helps until next dnf update. SELinux is preventing ldconfig from 'map' accesses on the Datei /usr/lib64/liblvm2cmd.so.2.02. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /usr/lib64/liblvm2cmd.so.2.02 default label should be lib_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /usr/lib64/liblvm2cmd.so.2.02 ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that ldconfig should be allowed map access on the liblvm2cmd.so.2.02 file by default. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'ldconfig' --raw | audit2allow -M my-ldconfig # semodule -X 300 -i my-ldconfig.pp Additional Information: Source Context system_u:system_r:ldconfig_t:s0 Target Context system_u:object_r:kdumpctl_tmp_t:s0 Target Objects /usr/lib64/liblvm2cmd.so.2.02 [ file ] Source ldconfig Source Path ldconfig Port <Unbekannt> Host (removed) Source RPM Packages Target RPM Packages lvm2-libs-2.02.177-5.fc28.x86_64 Policy RPM selinux-policy-3.14.1-32.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.17.7-200.fc28.x86_64 #1 SMP Tue Jul 17 16:28:31 UTC 2018 x86_64 x86_64 Alert Count 119 First Seen 2018-07-23 17:10:29 CEST Last Seen 2018-07-23 17:10:29 CEST Local ID fc028dcc-f54c-4ea8-b6d5-637e603e3d3d Raw Audit Messages type=AVC msg=audit(1532358629.875:305): avc: denied { map } for pid=7460 comm="ldconfig" path="/usr/lib64/liblvm2cmd.so.2.02" dev="dm-1" ino=270029575 scontext=system_u:system_r:ldconfig_t:s0 tcontext=system_u:object_r:kdumpctl_tmp_t:s0 tclass=file permissive=0 Hash: ldconfig,ldconfig_t,kdumpctl_tmp_t,file,map Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.17.7-200.fc28.x86_64 type: libreport
selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.