Description of problem:
SELinux is preventing cockpit-session from 'search' accesses on the directory .Private.

*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************

If you want to allow polyinstantiation to enabled
Then you must tell SELinux about this by enabling the 'polyinstantiation_enabled' boolean.

Do
setsebool -P polyinstantiation_enabled 1

*****  Plugin catchall (11.6 confidence) suggests   **************************

If you believe that cockpit-session should be allowed search access on the .Private directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'cockpit-session' --raw | audit2allow -M my-cockpitsession
# semodule -X 300 -i my-cockpitsession.pp

Additional Information:
Source Context                system_u:system_r:cockpit_session_t:s0
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                .Private [ dir ]
Source                        cockpit-session
Source Path                   cockpit-session
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.14.3-40.fc30.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.1.16-300.fc30.x86_64 #1 SMP Wed Jul 3 15:06:51 UTC 2019 x86_64 x86_64
Alert Count                   6
First Seen                    2019-07-14 16:04:14 CEST
Last Seen                     2019-07-14 16:04:14 CEST
Local ID                      755ba336-e19c-49e2-9d4b-09514a7c7247

Raw Audit Messages
type=AVC msg=audit(1563113054.644:371): avc:  denied  { search } for  pid=5770 comm="cockpit-session" name=".Private" dev="nvme0n1p2" ino=16515076 scontext=system_u:system_r:cockpit_session_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0

Hash: cockpit-session,cockpit_session_t,user_home_t,dir,search

Version-Release number of selected component:
selinux-policy-3.14.3-40.fc30.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.10.1
hashmarkername: setroubleshoot
kernel:         5.1.16-300.fc30.x86_64
type:           libreport

Steps to reproduce:
-> Migrate an unencrypted home directory to ecryptfs by using ecryptfs-migrate-home.
-> Reboot
-> Login
-> Login at cockpit web interface

Used LUKS instead. Probably the better choice anyway...
*** This bug has been marked as a duplicate of bug 1729780 ***