Description of problem: systemctl start ras-mc-ctl.service SELinux is preventing ras-mc-ctl from 'execute' accesses on the file /usr/bin/perl. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that ras-mc-ctl should be allowed execute access on the perl file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'ras-mc-ctl' --raw | audit2allow -M my-rasmcctl # semodule -X 300 -i my-rasmcctl.pp Additional Information: Source Context system_u:system_r:rasdaemon_t:s0 Target Context system_u:object_r:bin_t:s0 Target Objects /usr/bin/perl [ file ] Source ras-mc-ctl Source Path ras-mc-ctl Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages perl-interpreter-5.28.1-425.fc29.x86_64 Policy RPM selinux-policy-3.14.2-42.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.19.5-300.fc29.x86_64 #1 SMP Tue Nov 27 19:29:23 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-12-09 11:07:58 EET Last Seen 2018-12-09 11:07:58 EET Local ID 55bf3db7-5dd6-41d7-9750-58473ebb60f6 Raw Audit Messages type=AVC msg=audit(1544346478.674:7400): avc: denied { execute } for pid=8195 comm="ras-mc-ctl" path="/usr/bin/perl" dev="dm-0" ino=2732133 scontext=system_u:system_r:rasdaemon_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1 Hash: ras-mc-ctl,rasdaemon_t,bin_t,file,execute Version-Release number of selected component: selinux-policy-3.14.2-42.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.9.6 hashmarkername: setroubleshoot kernel: 4.19.5-300.fc29.x86_64 type: libreport
commit a1737fcf9eabbad9e2f819a184b6bd1009e9d81e (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Wed Dec 12 13:27:05 2018 +0100 Allow rasdaemon_t domain to execute binaries labeled as bin_t BZ(1657622)
Description of problem: install package rasdaemon (0.6.2-3.fc29.x86_64) start ras-mc-ctl.service using systemctl start ras-mc-ctl.service --> fails - SELinux prevents map file /usr/bin/perl SE troubleshooter suggested: setsebool -P domain_can_mmap_files 1 after applying this command and another try to start the service --> fails - SELinux prevents execute file /usr/bin/perl Version-Release number of selected component: selinux-policy-3.14.2-44.fc29.noarch Additional info: reporter: libreport-2.9.7 hashmarkername: setroubleshoot kernel: 4.19.6-300.fc29.x86_64 type: libreport
selinux-policy-3.14.2-46.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.