Description of problem: A recent Fedora 29 with testing repos enabled causes this new SELinux violation: # journalctl -b | grep type=14 Nov 13 05:52:34 localhost.localdomain kernel: audit: type=1400 audit(1542106354.631:368): avc: denied { write } for pid=1925 comm="sss_cache" name="config.ldb" dev="dm-0" ino=8744743 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=file permissive=0 Version-Release number of selected component (if applicable): shadow-utils-4.6-4.fc29.x86_64 (provides chpasswd) sssd-2.0.0-4.fc29.x86_64 selinux-policy-3.14.2-42.fc29.noarch kernel-4.18.17-300.fc29.x86_64 How reproducible: Always Steps to Reproduce: 1. Create current Fedora 29 with testing repositories enabled and SELinux installed 2. Create a test user 3. Try to change password of test user with chpasswd Actual results: [root@localhost ~]# journalctl -b | grep type=14 [root@localhost ~]# chpasswd test:foobar (Tue Nov 13 05:52:34:643059 2018) [sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/lib/sss/db/config.ldb] Could not open available domains chpasswd: sss_cache exited with status 5 chpasswd: Failed to flush the sssd cache. (Tue Nov 13 05:52:34:675252 2018) [sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/lib/sss/db/config.ldb] Could not open available domains chpasswd: sss_cache exited with status 5 chpasswd: Failed to flush the sssd cache. [root@localhost ~]# journalctl -b | grep type=14 Nov 13 05:52:34 localhost.localdomain kernel: audit: type=1400 audit(1542106354.631:368): avc: denied { write } for pid=1925 comm="sss_cache" name="config.ldb" dev="dm-0" ino=8744743 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=file permissive=0 Nov 13 05:52:34 localhost.localdomain kernel: audit: type=1400 audit(1542106354.674:369): avc: denied { write } for pid=1927 comm="sss_cache" name="config.ldb" dev="dm-0" ino=8744743 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=file permissive=0
*** This bug has been marked as a duplicate of bug 1640255 ***