Description of problem:
On startup SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.1CwfJY/systemd-cat.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that NetworkManager should be allowed write access on the systemd-cat fifo_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'NetworkManager' --raw | audit2allow -M my-NetworkManager
# semodule -X 300 -i my-NetworkManager.pp

Additional Information:
Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                system_u:object_r:initrc_tmp_t:s0
Target Objects                /var/tmp/dracut.1CwfJY/systemd-cat [ fifo_file ]
Source                        NetworkManager
Source Path                   NetworkManager
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.3.7-301.fc31.x86_64 #1 SMP Mon Oct 21 19:18:58 UTC 2019 x86_64 x86_64
Alert Count                   1
First Seen                    2019-11-05 17:04:28 CET
Last Seen                     2019-11-05 17:04:28 CET
Local ID                      a565b538-e2c6-4a79-9d21-166f894a6b69

Raw Audit Messages
type=AVC msg=audit(1572969868.388:208): avc: denied { write } for pid=6790 comm="NetworkManager" path="/var/tmp/dracut.1CwfJY/systemd-cat" dev="dm-0" ino=655746 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=fifo_file permissive=0

Hash: NetworkManager,NetworkManager_t,initrc_tmp_t,fifo_file,write

Additional info:
component:      selinux-policy
reporter:       libreport-2.10.1
hashmarkername: setroubleshoot
kernel:         5.3.7-301.fc31.x86_64
type:           libreport

Hi NetworkManager maintainers,

Any idea why NetworkManager is writing to the "/var/tmp/dracut.1CwfJY/systemd-cat"? If you answer and it's expected, please move the component back to selinux-policy.

Thanks,
Lukas.

/var/tmp/dracut.1CwfJY/systemd-cat appears to be a fifo used for logging in dracut. I'm not familiar with dracut internals but perhaps NM is writing logging information to it through standard error or through syslog. Reassigning to dracut maintainers so that they can confirm what is going on and how to proceed about this.

Similar problem has been detected:

Restarted the machine after dnf update.

hashmarkername: setroubleshoot
kernel:         5.5.15-200.fc31.x86_64
package:        selinux-policy-3.14.4-50.fc31.noarch
reason:         SELinux is preventing NetworkManager from 'write' accesses on the fifo_file /var/tmp/dracut.n2fbhR/systemd-cat.
type:           libreport

*** This bug has been marked as a duplicate of bug 1750428 ***