Description of problem: SELinux is preventing dnssec-triggerd from 'read' accesses on the chr_file random. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** Sie folgendes tun möchten: allow authlogin to nsswitch use ldap Then sie müssen SELinux darüber benachrichtigen, indem Sie die boolesche Variable »authlogin_nsswitch_use_ldap« aktivieren. Do setsebool -P authlogin_nsswitch_use_ldap 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that dnssec-triggerd should be allowed read access on the random chr_file by default. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'dnssec-triggerd' --raw | audit2allow -M my-dnssectriggerd # semodule -X 300 -i my-dnssectriggerd.pp Additional Information: Source Context system_u:system_r:dnssec_trigger_t:s0 Target Context system_u:object_r:random_device_t:s0 Target Objects random [ chr_file ] Source dnssec-triggerd Source Path dnssec-triggerd Port <Unbekannt> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Unbekannt> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.18.5-300.fc29.x86_64 #1 SMP Fri Aug 24 17:16:35 UTC 2018 x86_64 x86_64 Alert Count 29 First Seen 2018-08-29 12:29:26 CEST Last Seen 2018-09-06 13:40:19 CEST Local ID f9e057c8-b6cb-4c78-8236-ca77fbbad76b Raw Audit Messages type=AVC msg=audit(1536234019.441:122): avc: denied { read } for pid=1120 comm="dnssec-trigger-" name="random" dev="devtmpfs" ino=39 scontext=system_u:system_r:dnssec_trigger_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file permissive=0 Hash: dnssec-triggerd,dnssec_trigger_t,random_device_t,chr_file,read Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.18.5-300.fc29.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1624554 ***