Description of problem: sudo dnf --refresh upgrade SELinux is preventing sss_cache from 'write' accesses on the file config.ldb. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sss_cache should be allowed write access on the config.ldb file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'sss_cache' --raw | audit2allow -M my-ssscache # semodule -X 300 -i my-ssscache.pp Additional Information: Source Context unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c102 3 Target Context system_u:object_r:sssd_var_lib_t:s0 Target Objects config.ldb [ file ] Source sss_cache Source Path sss_cache Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.2-37.fc29.noarch selinux- policy-3.14.2-42.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.18.13-300.fc29.x86_64 #1 SMP Wed Oct 10 17:22:50 UTC 2018 x86_64 x86_64 Alert Count 2 First Seen 2018-11-11 14:26:41 EET Last Seen 2018-11-11 14:26:41 EET Local ID a5380f8c-a6a8-4c80-aa4d-6917b096ee06 Raw Audit Messages type=AVC msg=audit(1541939201.665:345): avc: denied { write } for pid=24081 comm="sss_cache" name="config.ldb" dev="sda3" ino=35224736 scontext=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=file permissive=0 Hash: sss_cache,groupadd_t,sssd_var_lib_t,file,write Version-Release number of selected component: selinux-policy-3.14.2-37.fc29.noarch selinux-policy-3.14.2-42.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.9.6 hashmarkername: setroubleshoot kernel: 4.18.13-300.fc29.x86_64 type: libreport Potential duplicate: bug 1640255
Description of problem: it appeared during this: [asus@localhost ~]$ sudo dnf remove blender Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: blender x86_64 1:2.79b-9.fc29 @updates 143 M Removing unused dependencies: CharLS x86_64 1.0-17.fc29 @fedora 239 k Field3D x86_64 1.7.2-11.fc29 @fedora 2.7 M OpenColorIO x86_64 1.1.0-8.fc29 @fedora 1.6 M OpenImageIO x86_64 1.8.16-1.fc29 @updates 11 M alembic-libs x86_64 1.7.8-1.fc29 @fedora 2.3 M blender-fonts noarch 1:2.79b-9.fc29 @updates 4.9 M boost-program-options x86_64 1.66.0-14.fc29 @fedora 592 k boost-regex x86_64 1.66.0-14.fc29 @fedora 1.2 M dcmtk x86_64 3.6.2-4.fc29 @fedora 31 M libGLEW x86_64 2.1.0-2.fc29 @fedora 670 k libspnav x86_64 0.2.3-8.fc29 @fedora 22 k openCOLLADA x86_64 1.6.63-1.fc29 @fedora 11 M openblas-threads x86_64 0.3.3-2.fc29 @updates-testing 40 M pugixml x86_64 1.9-2.fc29 @fedora 249 k python3-numpy x86_64 1:1.15.1-1.fc29 @updates-testing 17 M tinyxml x86_64 2.6.2-17.fc29 @fedora 136 k yaml-cpp x86_64 0.6.1-4.fc29 @updates-testing 498 k Transaction Summary ================================================================================ Remove 18 Packages Freed space: 268 M Is this ok [y/N]: y Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Erase: blender-1:2.79b-9.fc29.x86_64 Erasing : blender-1:2.79b-9.fc29.x86_64 1/18 Erase: blender-1:2.79b-9.fc29.x86_64 Running scriptlet: blender-1:2.79b-9.fc29.x86_64 1/18 Erase: OpenImageIO-1.8.16-1.fc29.x86_64 Erasing : OpenImageIO-1.8.16-1.fc29.x86_64 2/18 Erase: OpenImageIO-1.8.16-1.fc29.x86_64 Erase: OpenColorIO-1.1.0-8.fc29.x86_64 Erasing : OpenColorIO-1.1.0-8.fc29.x86_64 3/18 Erase: OpenColorIO-1.1.0-8.fc29.x86_64 Erase: Field3D-1.7.2-11.fc29.x86_64 Erasing : Field3D-1.7.2-11.fc29.x86_64 4/18 Erase: Field3D-1.7.2-11.fc29.x86_64 Erase: dcmtk-3.6.2-4.fc29.x86_64 Erasing : dcmtk-3.6.2-4.fc29.x86_64 5/18 Erase: dcmtk-3.6.2-4.fc29.x86_64 Erase: python3-numpy-1:1.15.1-1.fc29.x86_64 Erasing : python3-numpy-1:1.15.1-1.fc29.x86_64 6/18 Erase: python3-numpy-1:1.15.1-1.fc29.x86_64 Erase: blender-fonts-1:2.79b-9.fc29.noarch Erasing : blender-fonts-1:2.79b-9.fc29.noarch 7/18 Erase: blender-fonts-1:2.79b-9.fc29.noarch Erase: openblas-threads-0.3.3-2.fc29.x86_64 Erasing : openblas-threads-0.3.3-2.fc29.x86_64 8/18 Erase: openblas-threads-0.3.3-2.fc29.x86_64 Running scriptlet: openblas-threads-0.3.3-2.fc29.x86_64 8/18 Erase: CharLS-1.0-17.fc29.x86_64 Erasing : CharLS-1.0-17.fc29.x86_64 9/18 Erase: CharLS-1.0-17.fc29.x86_64 Running scriptlet: CharLS-1.0-17.fc29.x86_64 9/18 Erase: boost-program-options-1.66.0-14.fc29.x86_64 Erasing : boost-program-options-1.66.0-14.fc29.x86_64 10/18 Erase: boost-program-options-1.66.0-14.fc29.x86_64 Erase: boost-regex-1.66.0-14.fc29.x86_64 Erasing : boost-regex-1.66.0-14.fc29.x86_64 11/18 Erase: boost-regex-1.66.0-14.fc29.x86_64 Erase: tinyxml-2.6.2-17.fc29.x86_64 Erasing : tinyxml-2.6.2-17.fc29.x86_64 12/18 Erase: tinyxml-2.6.2-17.fc29.x86_64 Running scriptlet: tinyxml-2.6.2-17.fc29.x86_64 12/18 Erase: yaml-cpp-0.6.1-4.fc29.x86_64 Erasing : yaml-cpp-0.6.1-4.fc29.x86_64 13/18 Erase: yaml-cpp-0.6.1-4.fc29.x86_64 Running scriptlet: yaml-cpp-0.6.1-4.fc29.x86_64 13/18 Erase: pugixml-1.9-2.fc29.x86_64 Erasing : pugixml-1.9-2.fc29.x86_64 14/18 Erase: pugixml-1.9-2.fc29.x86_64 Running scriptlet: pugixml-1.9-2.fc29.x86_64 14/18 Erase: alembic-libs-1.7.8-1.fc29.x86_64 Erasing : alembic-libs-1.7.8-1.fc29.x86_64 15/18 Erase: alembic-libs-1.7.8-1.fc29.x86_64 Running scriptlet: alembic-libs-1.7.8-1.fc29.x86_64 15/18 Erase: libGLEW-2.1.0-2.fc29.x86_64 Erasing : libGLEW-2.1.0-2.fc29.x86_64 16/18 Erase: libGLEW-2.1.0-2.fc29.x86_64 Erase: openCOLLADA-1.6.63-1.fc29.x86_64 Erasing : openCOLLADA-1.6.63-1.fc29.x86_64 17/18 Erase: openCOLLADA-1.6.63-1.fc29.x86_64 Erase: libspnav-0.2.3-8.fc29.x86_64 Erasing : libspnav-0.2.3-8.fc29.x86_64 18/18 Erase: libspnav-0.2.3-8.fc29.x86_64 Running scriptlet: libspnav-0.2.3-8.fc29.x86_64 18/18 Verifying : CharLS-1.0-17.fc29.x86_64 1/18 Verifying : Field3D-1.7.2-11.fc29.x86_64 2/18 Verifying : OpenColorIO-1.1.0-8.fc29.x86_64 3/18 Verifying : OpenImageIO-1.8.16-1.fc29.x86_64 4/18 Verifying : alembic-libs-1.7.8-1.fc29.x86_64 5/18 Verifying : blender-1:2.79b-9.fc29.x86_64 6/18 Verifying : blender-fonts-1:2.79b-9.fc29.noarch 7/18 Verifying : boost-program-options-1.66.0-14.fc29.x86_64 8/18 Verifying : boost-regex-1.66.0-14.fc29.x86_64 9/18 Verifying : dcmtk-3.6.2-4.fc29.x86_64 10/18 Verifying : libGLEW-2.1.0-2.fc29.x86_64 11/18 Verifying : libspnav-0.2.3-8.fc29.x86_64 12/18 Verifying : openCOLLADA-1.6.63-1.fc29.x86_64 13/18 Verifying : openblas-threads-0.3.3-2.fc29.x86_64 14/18 Verifying : pugixml-1.9-2.fc29.x86_64 15/18 Verifying : python3-numpy-1:1.15.1-1.fc29.x86_64 16/18 Verifying : tinyxml-2.6.2-17.fc29.x86_64 17/18 Verifying : yaml-cpp-0.6.1-4.fc29.x86_64 18/18 Removed: blender-1:2.79b-9.fc29.x86_64 CharLS-1.0-17.fc29.x86_64 Field3D-1.7.2-11.fc29.x86_64 OpenColorIO-1.1.0-8.fc29.x86_64 OpenImageIO-1.8.16-1.fc29.x86_64 alembic-libs-1.7.8-1.fc29.x86_64 blender-fonts-1:2.79b-9.fc29.noarch boost-program-options-1.66.0-14.fc29.x86_64 boost-regex-1.66.0-14.fc29.x86_64 dcmtk-3.6.2-4.fc29.x86_64 libGLEW-2.1.0-2.fc29.x86_64 libspnav-0.2.3-8.fc29.x86_64 openCOLLADA-1.6.63-1.fc29.x86_64 openblas-threads-0.3.3-2.fc29.x86_64 pugixml-1.9-2.fc29.x86_64 python3-numpy-1:1.15.1-1.fc29.x86_64 tinyxml-2.6.2-17.fc29.x86_64 yaml-cpp-0.6.1-4.fc29.x86_64 Complete! Version-Release number of selected component: selinux-policy-3.14.2-37.fc29.noarch selinux-policy-3.14.2-42.fc29.noarch Additional info: reporter: libreport-2.9.6 hashmarkername: setroubleshoot kernel: 4.20.0-0.rc1.git1.2.fc30.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1640255 ***
*** Bug 1677909 has been marked as a duplicate of this bug. ***