Description of problem: SELinux is preventing sss_cache from 'map' accesses on the file /var/lib/sss/db/config.ldb. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sss_cache should be allowed map access on the config.ldb file by default. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do allow this access for now by executing: # ausearch -c 'sss_cache' --raw | audit2allow -M my-ssscache # semodule -X 300 -i my-ssscache.pp Additional Information: Source Context unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:sssd_var_lib_t:s0 Target Objects /var/lib/sss/db/config.ldb [ file ] Source sss_cache Source Path sss_cache Port <Sconosciuto> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.1-48.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.19.2-200.fc28.x86_64 #1 SMP Wed Nov 14 20:58:35 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-11-26 12:50:57 CET Last Seen 2018-11-26 12:50:57 CET Local ID 80ab20e6-0dfd-44a4-9406-30466004bb9a Raw Audit Messages type=AVC msg=audit(1543233057.814:517): avc: denied { map } for pid=51223 comm="sss_cache" path="/var/lib/sss/db/config.ldb" dev="dm-2" ino=1704849 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sssd_var_lib_t:s0 tclass=file permissive=1 Hash: sss_cache,useradd_t,sssd_var_lib_t,file,map Version-Release number of selected component: selinux-policy-3.14.1-48.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.19.2-200.fc28.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1640255 ***