Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: When I started the SELinux Troubleshooter GUI in F28, I saw that selinux denied setroubleshootd from opening /var/lib/rpm/Packages in the journal and audit logs which resulted in errors. The only denial shown in the SELinux Troubleshooter was for denials of the source process mprotheap from performing execheap generated by the default Fedora kernel test paxtest. I'm using the targeted policy in enforcing mode. The output involving setroubleshootd from journalctl -b was Sep 18 13:23:52 dimension dbus-daemon[746]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.107' (uid=1000 pid=4186 comm="/usr/bin/python3 -Es /usr/bin/sealert -s " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023") (using servicehelper) Sep 18 13:23:56 dimension audit[4194]: AVC avc: denied { open } for pid=4194 comm="setroubleshootd" path="/var/lib/rpm/Packages" dev="dm-0" ino=1836394 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 Sep 18 13:23:56 dimension audispd[715]: node=dimension type=AVC msg=audit(1537291436.062:384): avc: denied { open } for pid=4194 comm="setroubleshootd" path="/var/lib/rpm/Packages" dev="dm-0" ino=1836394 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 Sep 18 13:23:56 dimension org.fedoraproject.Setroubleshootd[746]: error: cannot open Packages index using db5 - Permission denied (13) Sep 18 13:23:56 dimension org.fedoraproject.Setroubleshootd[746]: error: cannot open Packages database in /var/lib/rpm Sep 18 13:23:56 dimension setroubleshoot[4194]: failed to get filesystem list from rpm Sep 18 13:23:56 dimension dbus-daemon[746]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd' Sep 18 13:23:58 dimension sealert[4186]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Sep 18 13:23:59 dimension sedispatch[725]: AVC Message for setroubleshoot, dropping message Sep 18 13:24:00 dimension sealert[4186]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Sep 18 13:24:00 dimension sealert[4186]: gtk_grid_attach: assertion '_gtk_widget_get_parent (child) == NULL' failed Running sudo ausearch -m AVC,USER_AVC,SELINUX_ERR -ts today time->Tue Sep 18 13:23:56 2018 type=AVC msg=audit(1537291436.062:384): avc: denied { open } for pid=4194 comm="setroubleshootd" path="/var/lib/rpm/Packages" dev="dm-0" ino=1836394 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 Version-Release number of selected component (if applicable): selinux-policy-0:3.14.1-42.fc28.noarch setroubleshoot-0:3.3.17-1.fc28.i686 setroubleshoot-plugins-0:3.3.9-3.fc28.noarch setroubleshoot-server-0:3.3.17-1.fc28.i686 How reproducible: The denials occurred each time I started SELinux Troubleshooter. Steps to Reproduce: 1. Start SELinux Troubleshooter GUI 2. journalctl -b 3. sudo ausearch -m AVC,USER_AVC,SELINUX_ERR -ts today Actual results: SELinux denial of setroubleshootd from opening /var/lib/rpm/Packages Expected results: No SELinux denials Additional info:
When I ran the following commands three times 1. sudo ausearch -c 'setroubleshootd' --raw | audit2allow -M my-setroubleshootd 2. sudo semodule -X 300 -i my-setroubleshootd.pp 3. SELinux Troubleshooter I got the following denials using sudo ausearch -m AVC,USER_AVC,SELINUX_ERR -ts today ... ---- time->Tue Sep 18 16:33:28 2018 type=AVC msg=audit(1537302808.919:297): avc: denied { read } for pid=3070 comm="setroubleshootd" name="Packages" dev="dm-0" ino=1836394 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 ---- time->Tue Sep 18 16:37:45 2018 type=USER_AVC msg=audit(1537303065.473:315): pid=707 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=3) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Tue Sep 18 16:38:07 2018 type=AVC msg=audit(1537303087.249:319): avc: denied { lock } for pid=3107 comm="setroubleshootd" path="/var/lib/rpm/Packages" dev="dm-0" ino=1836394 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 ---- time->Tue Sep 18 16:41:26 2018 type=USER_AVC msg=audit(1537303286.270:338): pid=707 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=4) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Tue Sep 18 16:41:50 2018 type=AVC msg=audit(1537303310.202:342): avc: denied { map } for pid=3141 comm="setroubleshootd" path="/var/lib/rpm/Name" dev="dm-0" ino=1835137 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 ---- time->Tue Sep 18 16:45:40 2018 type=USER_AVC msg=audit(1537303540.644:359): pid=707 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=5) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' Allowing setroubleshootd to open, read, lock, and map var_lib_t in the following policy rule prevented the denials above: allow setroubleshootd_t var_lib_t:file { lock map open read }; I didn't see other denials in the audit logs or journal when starting SELinux Troubleshooter after that process. I can provide further details if they would help.
I noticed frequent denials of abrt-action-sav writing to /var/lib/rpm/.dbenv.lock and sealert running getattr on /var/lib/rpm/Packages after I updated to F29 on October 10 as shown the following audit messages. type=AVC msg=audit(1539224062.744:263): avc: denied { write } for pid=3371 comm="abrt-action-sav" name=".dbenv.lock" dev="dm-0" ino=1835013 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 type=AVC msg=audit(1539377227.882:470): avc: denied { getattr } for pid=12841 comm="sealert" path="/var/lib/rpm/Packages" dev="dm-0" ino=1836394 scontext=system_u:system_r:setroubleshoot_fixit_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 The SELinux Troubleshooter had the following output for the sealert denial: SELinux is preventing sealert from getattr access on the file /var/lib/rpm/Packages. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /var/lib/rpm/Packages default label should be rpm_var_lib_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /var/lib/rpm/Packages After I ran sudo /sbin/restorecon -v /var/lib/rpm/* , the output showed that /var/lib/rpm/* were relabeled from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0. The abrt and sealert denials above didn't occur after running that command. After an incomplete dnf upgrade on September 15, dnf recommended that I run rpm --rebuilddb due to a corruption of the rpm db. I then ran sudo rpm --rebuilddb which completed correctly. I was using rpm-4.14.2-1.fc28 at the time of the rpm db rebuild. I'm reassigning this entry to rpm as I now think the issue with the setroubleshootd denials in my previous comments was more likely that running sudo rpm --rebuilddb relabeled /var/lib/rpm/* to unconfined_u:object_r:var_lib_t:s0. Does running rpm --rebuilddb check that the labels of /var/lib/rpm/* are kept as unconfined_u:object_r:rpm_var_lib_t:s0? If not, could rpm --rebuilddb do so? The setroubleshootd denials in my previous comments didn't show up in the SELinux Troubleshooter GUI so I didn't recognize this issue from its output earlier.
It's a long-standing bug in selinux-policy. *** This bug has been marked as a duplicate of bug 1513720 ***
I was unaware that this issue was known with selinux-policy. When I ran sudo rpm --rebuilddb in F29, /var/lib/rpm/* were relabeled to unconfined_u:object_r:var_lib_t:s0. When I ran sudo /sbin/restorecon -v /var/lib/rpm/* and /var/lib/rpm/* were relabeled from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0. Running /sbin/restorecon -v /var/lib/rpm/* and /sbin/restorecon -v /var/lib/rpm/ at the end of the rpm --rebuilddb program might avoid the denials I and the others commenting on #1513720 saw at least. I'm not familiar enough with how the rpm --rebuild program works to know if that would be appropriate. The following is the commands and output I referred to above for reference. ls -laZ /var/lib/rpm/ total 296164 drwxr-xr-x. 2 root root system_u:object_r:rpm_var_lib_t:s0 4096 Oct 15 10:19 . drwxr-xr-x. 83 root root system_u:object_r:var_lib_t:s0 4096 Oct 9 22:06 .. -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 26112000 Oct 14 22:55 Basenames -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 24576 Oct 14 22:55 Conflictname -rw-r--r--. 1 root root system_u:object_r:rpm_var_lib_t:s0 237568 Oct 15 10:20 __db.001 -rw-r--r--. 1 root root system_u:object_r:rpm_var_lib_t:s0 73728 Oct 15 10:20 __db.002 -rw-r--r--. 1 root root system_u:object_r:rpm_var_lib_t:s0 241896 Oct 15 10:20 __db.003 -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 0 Sep 15 00:08 .dbenv.lock -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 9388032 Oct 14 22:55 Dirnames -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Sep 15 00:02 Enhancename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 10 20:14 Filetriggername -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 49152 Oct 14 22:55 Group -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 61440 Oct 14 22:55 Installtid -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 208896 Oct 14 22:55 Name -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 90112 Oct 14 22:55 Obsoletename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 260923392 Oct 14 22:55 Packages -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 3072000 Oct 14 22:55 Providename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 24576 Oct 13 19:17 Recommendname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 2002944 Oct 14 22:55 Requirename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 0 Sep 15 00:09 .rpm.lock -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 573440 Oct 14 22:55 Sha1header -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 323584 Oct 14 22:55 Sigmd5 -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 12 15:09 Suggestname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 11 17:12 Supplementname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 12 06:23 Transfiletriggername -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 13 15:53 Triggername sudo rpm --rebuilddb ls -laZ /var/lib/rpm/ total 148500 drwxr-xr-x. 2 root root unconfined_u:object_r:var_lib_t:s0 4096 Oct 15 10:28 . drwxr-xr-x. 83 root root system_u:object_r:var_lib_t:s0 4096 Oct 15 10:35 .. -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 19439616 Oct 15 10:35 Basenames -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 20480 Oct 15 10:35 Conflictname -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 6922240 Oct 15 10:35 Dirnames -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 8192 Oct 15 10:28 Enhancename -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 8192 Oct 15 10:32 Filetriggername -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 49152 Oct 15 10:35 Group -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 36864 Oct 15 10:35 Installtid -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 163840 Oct 15 10:35 Name -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 65536 Oct 15 10:35 Obsoletename -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 120815616 Oct 15 10:35 Packages -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 2727936 Oct 15 10:35 Providename -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 16384 Oct 15 10:35 Recommendname -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 1294336 Oct 15 10:35 Requirename -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 278528 Oct 15 10:35 Sha1header -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 172032 Oct 15 10:35 Sigmd5 -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 8192 Oct 15 10:35 Suggestname -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 8192 Oct 15 10:35 Supplementname -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 8192 Oct 15 10:35 Transfiletriggername -rw-r--r--. 1 root root unconfined_u:object_r:var_lib_t:s0 8192 Oct 15 10:35 Triggername sudo /sbin/restorecon -v /var/lib/rpm/* Relabeled /var/lib/rpm/Basenames from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Conflictname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Dirnames from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Enhancename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Filetriggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Group from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Installtid from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Name from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Obsoletename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Packages from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Providename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Recommendname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Requirename from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Sha1header from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Sigmd5 from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Suggestname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Supplementname from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Transfiletriggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 Relabeled /var/lib/rpm/Triggername from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 ls -laZ /var/lib/rpm/ total 148500 drwxr-xr-x. 2 root root unconfined_u:object_r:var_lib_t:s0 4096 Oct 15 10:28 . drwxr-xr-x. 83 root root system_u:object_r:var_lib_t:s0 4096 Oct 15 10:35 .. -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 19439616 Oct 15 10:35 Basenames -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 20480 Oct 15 10:35 Conflictname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 6922240 Oct 15 10:35 Dirnames -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:28 Enhancename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:32 Filetriggername -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 49152 Oct 15 10:35 Group -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 36864 Oct 15 10:35 Installtid -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 163840 Oct 15 10:35 Name -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 65536 Oct 15 10:35 Obsoletename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 120815616 Oct 15 10:35 Packages -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 2727936 Oct 15 10:35 Providename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 16384 Oct 15 10:35 Recommendname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 1294336 Oct 15 10:35 Requirename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 278528 Oct 15 10:35 Sha1header -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 172032 Oct 15 10:35 Sigmd5 -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:35 Suggestname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:35 Supplementname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:35 Transfiletriggername -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:35 Triggername sudo /sbin/restorecon -v /var/lib/rpm/ Relabeled /var/lib/rpm from unconfined_u:object_r:var_lib_t:s0 to unconfined_u:object_r:rpm_var_lib_t:s0 ls -laZ /var/lib/rpm/ total 148500 drwxr-xr-x. 2 root root unconfined_u:object_r:rpm_var_lib_t:s0 4096 Oct 15 10:28 . drwxr-xr-x. 83 root root system_u:object_r:var_lib_t:s0 4096 Oct 15 10:35 .. -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 19439616 Oct 15 10:35 Basenames -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 20480 Oct 15 10:35 Conflictname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 6922240 Oct 15 10:35 Dirnames -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:28 Enhancename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:32 Filetriggername -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 49152 Oct 15 10:35 Group -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 36864 Oct 15 10:35 Installtid -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 163840 Oct 15 10:35 Name -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 65536 Oct 15 10:35 Obsoletename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 120815616 Oct 15 10:35 Packages -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 2727936 Oct 15 10:35 Providename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 16384 Oct 15 10:35 Recommendname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 1294336 Oct 15 10:35 Requirename -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 278528 Oct 15 10:35 Sha1header -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 172032 Oct 15 10:35 Sigmd5 -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:35 Suggestname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:35 Supplementname -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:35 Transfiletriggername -rw-r--r--. 1 root root unconfined_u:object_r:rpm_var_lib_t:s0 8192 Oct 15 10:35 Triggername