journalctl excerpts: dracut[15203]: Executing: /usr/bin/dracut --quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode strict -o "plymouth dash resume ifcfg earlykdump" --add ssh-client --sshkey /root/.ssh/id_rsa --no-hostonly-default-device -f /boot/initramfs-5.3.0-0.rc6.git0.1.fc31.x86_64kdump.img 5.3.0-0.rc6.git0.1.fc31.x86_64 audit: type=1400 audit(*): avc: denied { write } for pid=* comm="NetworkManager" path="/var/tmp/dracut.*/systemd-cat" dev="dm-0" ino=* scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:kdumpctl_tmp_t:s0 tclass=fifo_file permissive=0
Hi Sanne, Any idea why NetworkManager is accesing some kdumpctl temp files? Thanks, Lukas.
While dracut builds a new initramfs image (using /var/tmp as a temporary directory), network-manager is apparently one of the modules that's configured to be included. The exact command executed is ` /usr/bin/dracut --quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode strict -o "plymouth dash resume ifcfg earlykdump" --add ssh-client --sshkey /root/.ssh/id_rsa --no-hostonly-default-device -f /boot/initramfs-5.3.0-0.rc6.git0.1.fc31.x86_64kdump.img 5.3.0-0.rc6.git0.1.fc31.x86_64`
Sanne, Do you have some functionality issues on your system because of this SELinux denial? Or system is working just fine and you only see this SELinux denial? Thanks, Lukas.
Oh no, this is just causing cockpit's kdump test to fail and this pops into the logs, see https://github.com/cockpit-project/cockpit/issues/12744 The rest of the test works fine though so maybe we can just safely ignore this? Sorry for giving so little context earlier. Thanks, Sanne
Hi Sanne, I added dontaudit rules: commit ddba7c41173f75535894f3ced77f9b0e6618ceac (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Wed Sep 25 13:37:57 2019 +0200 Dontaudit NetworkManager_t domain to write to kdump temp pipies BZ(1750428)
FEDORA-2019-64732fd6a5 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-64732fd6a5
selinux-policy-3.14.4-36.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-64732fd6a5
This package has changed maintainer in the Fedora. Reassigning to the new maintainer of this component.
*** Bug 1768951 has been marked as a duplicate of this bug. ***