Description of problem: SELinux is preventing (updatedb) from 'mount' accesses on the filesystem /. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that (updatedb) should be allowed mount access on the filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(updatedb)' --raw | audit2allow -M my-updatedb # semodule -X 300 -i my-updatedb.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:usr_t:s0 Target Objects / [ filesystem ] Source (updatedb) Source Path (updatedb) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages filesystem-3.10-1.fc30.x86_64 Policy RPM selinux-policy-3.14.3-42.fc30.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.1.18-300.fc30.x86_64 #1 SMP Mon Jul 15 15:42:34 UTC 2019 x86_64 x86_64 Alert Count 1 First Seen 2019-07-29 00:00:55 EDT Last Seen 2019-07-29 00:00:55 EDT Local ID 1e9fc3df-424b-461e-932d-d6d5c3012c2e Raw Audit Messages type=AVC msg=audit(1564372855.780:639): avc: denied { mount } for pid=15388 comm="(updatedb)" name="/" dev="tmpfs" ino=440279 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=filesystem permissive=0 Hash: (updatedb),init_t,usr_t,filesystem,mount Version-Release number of selected component: selinux-policy-3.14.3-42.fc30.noarch Additional info: component: selinux-policy reporter: libreport-2.10.1 hashmarkername: setroubleshoot kernel: 5.1.18-300.fc30.x86_64 type: libreport
*** Bug 1733981 has been marked as a duplicate of this bug. ***
Hi, Could you please run: # restorecon -Rv / and then try to reproduce the issue? It looks like your system is mislabeled. Did you do any migration or upgrade in recent past? Thanks, Lukas.
Sorry I failed to reply sooner. I believe I tried your advice, and I don’t think I’ve seen the error since then. Thanks for your attention.
In fact this was a new installation on a new laptop.
I see there is no issue, closing the bugzilla.