Description of problem: After upgrade from Fedora 28 to 29 this error keeps popping up: SELinux is preventing xz from using the fsetid capability. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that xz should have the fsetid capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'xz' --raw | audit2allow -M my-xz # semodule -X 300 -i my-xz.pp Additional Information: Source Context system_u:system_r:pcp_pmlogger_t:s0 Target Context system_u:system_r:pcp_pmlogger_t:s0 Target Objects Unknown [ capability ] Source xz Source Path xz Port <Unknown> Host laptop.localnet Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.2-57.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name laptop.localnet Platform Linux laptop.localnet 5.0.13-200.fc29.x86_64 #1 SMP Mon May 6 00:49:54 UTC 2019 x86_64 x86_64 Alert Count 20 First Seen 2019-05-15 00:11:01 CEST Last Seen 2019-05-18 12:30:46 CEST Local ID e2d40317-2c13-4424-8348-2855a3b35a57 Raw Audit Messages type=AVC msg=audit(1558175446.811:329): avc: denied { fsetid } for pid=21779 comm="xz" capability=4 scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=system_u:system_r:pcp_pmlogger_t:s0 tclass=capability permissive=0 Version-Release number of selected component (if applicable): selinux-policy-3.14.2-57.fc29.noarch How reproducible: Pops up in SEtroubleshooter, I don't know to reproduce
Lukas, Does it make sense that pcp_pmlogger executing "xz" ? Thanks, Lukas.
Hi, Thanks for checking! Yes, the (pcp_)pmlogger script uses xz (when available) to compress the logging files. Producing results such as: % ls -l /var/log/pcp/pmlogger/`hostname`/ [...] -rw-r--r--. 1 pcp pcp 53575192 May 20 09:05 20190517.0.xz -rw-r--r--. 1 pcp pcp 88512 May 20 09:05 20190517.index -rw-r--r--. 1 pcp pcp 340620 May 20 09:05 20190517.meta.xz
FEDORA-2019-97183bed56 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-97183bed56
FEDORA-2019-44b383ec91 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-44b383ec91
pcp-4.3.4-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-97183bed56
pcp-4.3.4-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-44b383ec91
pcp-4.3.4-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
pcp-4.3.4-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.