Description of problem: Hello, I have this problem since the update of October 21, which caused a panic kernel, so I start on the previous kernel and I have this error. SELinux is preventing (m-helper) from 'execute' accesses on the fichier /usr/libexec/flatpak-system-helper. ***** Plugin catchall (100. confidence) suggests ************************** Si vous pensez que (m-helper) devrait être autorisé à accéder execute sur flatpak-system-helper file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "(m-helper)" --raw | audit2allow -M my-mhelper # semodule -X 300 -i my-mhelper.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:unlabeled_t:s0 Target Objects /usr/libexec/flatpak-system-helper [ file ] Source (m-helper) Source Path (m-helper) Port <Inconnu> Host (removed) Source RPM Packages Target RPM Packages Policy RPM <Inconnu> Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.2.15-200.fc30.x86_64 #1 SMP Mon Sep 16 15:17:36 UTC 2019 x86_64 x86_64 Alert Count 1 First Seen 2019-10-21 20:49:45 CEST Last Seen 2019-10-21 20:49:45 CEST Local ID cddabb61-f6e6-4f6e-85e6-a5629cba108c Raw Audit Messages type=AVC msg=audit(1571683785.613:293): avc: denied { execute } for pid=3623 comm="(m-helper)" name="flatpak-system-helper" dev="dm-0" ino=2502826 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 trawcon="system_u:object_r:flatpak_helper_exec_t:s0" Hash: (m-helper),init_t,unlabeled_t,file,execute Additional info: component: selinux-policy reporter: libreport-2.10.1 hashmarkername: setroubleshoot kernel: 5.2.15-200.fc30.x86_64 type: libreport
Created attachment 1628240 [details] File: CameraZOOM-20191021204545113.jpg
Created attachment 1628242 [details] File: CameraZOOM-20191021204602496.jpg
*** Bug 1764541 has been marked as a duplicate of this bug. ***
I'm sorry, i speak english little. I have 3 alerts on Selinux, i have report all alerts :/ : https://bugzilla.redhat.com/show_bug.cgi?id=1764538 https://bugzilla.redhat.com/show_bug.cgi?id=1764541 https://bugzilla.redhat.com/show_bug.cgi?id=1764543 I don't know what do you need. If you need more, say me what. Thanks you very much
Hi, Could you please send the output of the following command? rpm -qa selinux-policy\* container-selinux
Hi [snow@cocci-linux ~]$ rpm -qa selinux-policy\* container-selinux selinux-policy-3.14.3-46.fc30.noarch selinux-policy-targeted-3.14.3-46.fc30.noarch [snow@cocci-linux ~]$
Similar problem has been detected: Updated to selinux-policy-targeted-3.14.3-53.fc30.noarch Error received: Running scriptlet: selinux-policy-3.14.3-53.fc30.noarch 2/24 Running scriptlet: selinux-policy-targeted-3.14.3-53.fc30.noarch 3/24 Upgrading : selinux-policy-targeted-3.14.3-53.fc30.noarch 3/24 Running scriptlet: selinux-policy-targeted-3.14.3-53.fc30.noarch 3/24 Conflicting name type transition rules Binary policy creation failed at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1784 Failed to generate binary /usr/sbin/semodule: Failed! hashmarkername: setroubleshoot kernel: 5.3.15-200.fc30.x86_64 package: selinux-policy-3.14.3-53.fc30.noarch reason: SELinux is preventing restorecon from using the 'mac_admin' capabilities. type: libreport
*** Bug 1780902 has been marked as a duplicate of this bug. ***
I had a similar issue, but I managed to fix it. I was unable to run 'flatpak update', and reinstalling flatpak using dnf gave me the 'mac_admin' issue. This comment gave the clue: (In reply to Cocci Satch from comment #6) > Hi > > [snow@cocci-linux ~]$ rpm -qa selinux-policy\* container-selinux > selinux-policy-3.14.3-46.fc30.noarch > selinux-policy-targeted-3.14.3-46.fc30.noarch > [snow@cocci-linux ~]$ I installed container-selinux and now everything works as usual again.
Similar problem has been detected: all'avvio del sistema hashmarkername: setroubleshoot kernel: 5.3.16-300.fc31.x86_64 package: selinux-policy-3.14.4-43.fc31.noarch reason: SELinux is preventing (m-helper) from 'execute' accesses on the file /usr/libexec/flatpak-system-helper. type: libreport
Similar problem has been detected: This happens shortly after logging in. It has been happening for a few weeks now. Maybe what triggered this was a per-user installation of a Flatpak app. hashmarkername: setroubleshoot kernel: 5.4.13-201.fc31.x86_64 package: selinux-policy-3.14.4-44.fc31.noarch reason: SELinux is preventing (m-helper) from 'execute' accesses on the file /usr/libexec/flatpak-system-helper. type: libreport
Hi, Can you still reproduce this bug with all packages updated?
As this bug has no been updated for a certain period of long time and supposedly the bug has been fixed in the current release, we are going to close it. Feel free open a new bugzilla if the issue persists.