Created attachment 1511160 [details] Output of: ausearch -c 'pmdalinux' --raw Description of problem: After upgrading from F28 to F29 I am getting hundreds of SEAlerts. The plugin line shows: SELinux is preventing pmdalinux from 'getattr, associate' accesses on the shared memory labeled unconfined_service_t SELinux is preventing pmdalinux from unix_read access on the shared memory labeled unconfined_service_t SELinux is preventing pmdalinux from 'getattr, associate' accesses on the semaphore labeled initrc_t. SELinux is preventing pmdalinux from unix_read access on the semaphore labeled initrc_t. I haven't done anything to setup (or even install) pcp, which runs this pmdalinux. Version-Release number of selected component (if applicable): # rpm -q --whatprovides /var/lib/pcp/pmdas/linux/pmdalinux pcp-4.2.0-1.fc29.x86_64 selinux-policy-3.14.2-42.fc29.noarch How reproducible: The error is constantly appearing Steps to Reproduce: 1. I guess upgrade from F28 to F29? 2. Reboot Actual results: See attached output of ausearch -c 'pmdalinux' --raw Expected results: This didn't happen in F28 so it shouldn't happen now. Additional info: Additional Information: Source Context system_u:system_r:pcp_pmcd_t:s0 Target Context system_u:system_r:initrc_t:s0 Target Objects Unknown [ sem ] Source pmdalinux Source Path pmdalinux ... and ... Additional Information: Source Context system_u:system_r:pcp_pmcd_t:s0 Target Context system_u:system_r:unconfined_service_t:s0 Target Objects Unknown [ shm ] Source pmdalinux Source Path pmdalinux
This should be fixed with my fix in pcp upstream policy. https://github.com/wrabcak/pcp/commit/3e6e622a12d6bf80202e2446971ad531f2b4eea1
When will the above mentioned fix be available in the repo?
Louis, PCP's next release is slated for Dec 21st, and this change will be included in that release as it ships.
This is resolved by a recent PCP update (4.3.1)