Description of problem: I updated my system and rebooted. Happened on login, I think. SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp61s0. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that 11-dhclient should be allowed add_name access on the chrony.servers.wlp61s0 directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '11-dhclient' --raw | audit2allow -M my-11dhclient # semodule -X 300 -i my-11dhclient.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:object_r:dhcpc_state_t:s0 Target Objects chrony.servers.wlp61s0 [ dir ] Source 11-dhclient Source Path 11-dhclient Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.4-40.fc31.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.3.9-300.fc31.x86_64 #1 SMP Wed Nov 6 16:13:19 UTC 2019 x86_64 x86_64 Alert Count 2 First Seen 2019-11-11 09:12:22 CET Last Seen 2019-11-11 09:12:28 CET Local ID 4c4bb2c8-6b3c-4843-bfbe-b878bf39d80b Raw Audit Messages type=AVC msg=audit(1573459948.468:208): avc: denied { add_name } for pid=2073 comm="11-dhclient" name="chrony.servers.wlp61s0" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir permissive=1 Hash: 11-dhclient,NetworkManager_t,dhcpc_state_t,dir,add_name Version-Release number of selected component: selinux-policy-3.14.4-40.fc31.noarch Additional info: component: selinux-policy reporter: libreport-2.10.1 hashmarkername: setroubleshoot kernel: 5.3.9-300.fc31.x86_64 type: libreport
Similar problem has been detected: It just appeared after recent updates. hashmarkername: setroubleshoot kernel: 5.3.6-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the adresář chrony.servers.wlp4s0. type: libreport
Similar problem has been detected: This denial happens every time NetworkManager reconnects to network with dhcp client. hashmarkername: setroubleshoot kernel: 5.3.9-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp3s0. type: libreport
*** Bug 1770700 has been marked as a duplicate of this bug. ***
*** Bug 1770699 has been marked as a duplicate of this bug. ***
I was not able to reproduce, it looks some additional conditions are necessary to trigger the denials. In each bugreport it was for wireless interfaces only. These permissions were requested: #============= NetworkManager_t ============== allow NetworkManager_t dhcpc_state_t:dir add_name; allow NetworkManager_t dhcpc_state_t:file { append create }; A PR to address the issue has been sent for a review: https://github.com/fedora-selinux/selinux-policy-contrib/pull/164
BTW, I get this with wired and wireless interfaces on my T450s. Example: type=AVC msg=audit(1573676297.839:489): avc: denied { add_name } for pid=10016 comm="11-dhclient" name="chrony.servers.enp0s25" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir permissive=0
commit 702d2e73cf54e251f941f8b15f642088c532949e (HEAD -> rawhide, origin/rawhide, origin/HEAD) Author: Zdenek Pytela <zpytela> Date: Wed Nov 13 13:49:09 2019 +0100 Allow NetworkManager_t manage dhcpc_state_t BZ(1770698) Allow 11-dhclient running in the NetworkManager_t domain manage dhcp client state files
Any chance of getting a build into updates-testing to fix this?
I'm getting this error every few minutes it's pretty annoying. I guess it will go to the ignore list to avoid missing other notifications.
SELinux is preventing 11-dhclient from add_name access on the directory chrony.servers.wlp3s0. It started to appear after upgrading dhcp (dhcp-client / dhcp-common) to version 4.4.1-19.fc31. ausearch -c '11-dhclient' --raw | audit2allow -M my-11dhclient semodule -X 300 -i my-11dhclient.pp This does not remove the warning, after every restart of the system the warning appears again. I tested selinux-policy-3.14.4-41.fc31 / selinux-policy-targeted-3.14.4-41.fc31 ... no change.
*** Bug 1773573 has been marked as a duplicate of this bug. ***
Same here. Rebooted after updating. The update included selinux-policy-3.14.4-40.fc31 (from -39.fc31) and dhcp-client-12:4.4.1-19.fc31 (from -15.fc31).
Hi Zdenek, I'm encountering the same behaviour since an update yesterday that included dhcp-client-4.4.1-19.fc31.x86_64. This seems to happen everytime I dock my T460s again, accessing the local network in ethernet. Until now, I don't feel like this happens on wi-fi. But this alert shows up every single time I reconnect on the wired interface. Then while I am connected on ethernet, it happens from time to time, not sure yet about the frequency or what triggers it to reappear. But what is certain is that I reproduce it every time I try to reconnect to the wired network.
Similar problem has been detected: After upgrading to the latest OS version I got this message when connecting to a WiFi network. The network in question is WPA2 Enterprise. Looks like it may be related to this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1770698 hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp3s0. type: libreport
Similar problem has been detected: Nothing special. I was running only firefox. It seems the problem happen after a while the laptop has been booted hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the cartella chrony.servers.wlp12s0. type: libreport
Similar problem has been detected: Don't really know how this happened. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.pc_bridge. type: libreport
Similar problem has been detected: Booted up laptop, presented with the error hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing /usr/bin/bash from 'add_name' accesses on the directory chrony.servers.wlan0. type: libreport
Had a similar error while my screen was locked. Uptime when the error occurred was about 19 hours, in which the screen was locked like 15 hours. It is connected via Cable (Router -> Cable -> Switch -> Computer). I didn't find any log entries in my router to that timestamp, so I can't tell if there was an event from my router which triggered this. Error is in German, I still hope it helps: SELinux hindert 11-dhclient daran, mit add_name-Zugriff auf Verzeichnis chrony.servers.enp0s31f6 zuzugreifen. ***** Plugin catchall (100. Wahrscheinlichkeit) schlägt vor ************** Wenn Sie denken, dass es 11-dhclient standardmäßig erlaubt sein sollte, add_name Zugriff auf chrony.servers.enp0s31f6 directory zu erhalten. Dann sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Ausführen zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # ausearch -c '11-dhclient' --raw | audit2allow -M my-11dhclient # semodule -X 300 -i my-11dhclient.pp zusätzliche Information: Quellkontext system_u:system_r:NetworkManager_t:s0 Zielkontext system_u:object_r:dhcpc_state_t:s0 Zielobjekte chrony.servers.enp0s31f6 [ dir ] Quelle 11-dhclient Quellpfad 11-dhclient Port <Unbekannt> Host linux.fritz.box RPM-Pakete der Quelle RPM-Pakete des Ziels Richtlinien-RPM selinux-policy-3.14.4-40.fc31.noarch SELinux aktiviert True Richtlinientyp targeted Enforcing-Modus Enforcing Rechnername linux.fritz.box Plattform Linux linux.fritz.box 5.3.11-300.fc31.x86_64 #1 SMP Tue Nov 12 19:08:07 UTC 2019 x86_64 x86_64 Anzahl der Alarme 2 Zuerst gesehen 2019-11-19 23:42:59 CET Zuletzt gesehen 2019-11-20 11:43:00 CET Lokale ID cb5152a9-481a-4202-b9b6-71183ca38ba5 Raw-Audit-Meldungen type=AVC msg=audit(1574246580.0:286): avc: denied { add_name } for pid=96158 comm="11-dhclient" name="chrony.servers.enp0s31f6" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir permissive=0 Hash: 11-dhclient,NetworkManager_t,dhcpc_state_t,dir,add_name
Is this duplicate of bug 1764485?
Similar problem has been detected: Happened after recent update, not longer that 4 days ago. Not sure which package caused this, though as there were many of them. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp61s0. type: libreport
When dhcpclient gets a NTP server information in DHCP options, it runs /etc/dhcp/dhclient.d/chrony.sh which tries to create the file /usr/lib/dhclient/chrony.servers.$interface with the new NTP server information and then SELinux prevents it from doing so. If you set PEERNTP=NO in /etc/sysconfig/networks and restart NetworkManager, the issue goes away (but then you do not have automated update of NTP server information in chrony)
(In reply to Cenk Kulacoglu from comment #21) > When dhcpclient gets a NTP server information in DHCP options, it runs > /etc/dhcp/dhclient.d/chrony.sh which tries to create the file > /usr/lib/dhclient/chrony.servers.$interface with the new NTP server > information and then SELinux prevents it from doing so. Do you mean /var/lib/dhclient here? Because /usr/lib sounds like the wrong place to write files that may vary from one run to another.
@Bojan correct, sorry for the typo. It is /var/lib/dhclient
Similar problem has been detected: I have a network manager profile that automatically starts a vpn connection as well. I'm not sure if the dhclient instance throwing the error is the one that starts the wifi or the tunnel but the connection itself works fine. The message about the blocked access to the directory reappears about every minute. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp3s0. type: libreport
Similar problem has been detected: this error shiw at boot in xfce DE hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the cartella chrony.servers.wlo1. type: libreport
FEDORA-2019-fefda9dd5e has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-fefda9dd5e
Similar problem has been detected: I booted my system and selinux reported this error. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.ens1f0. type: libreport
selinux-policy-3.14.4-42.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-fefda9dd5e
selinux-policy-3.14.4-42.fc31 doesn't report "SELinux is preventing 11-dhclient from add_name access on the directory chrony.servers.wlp3s0." any longer, but generates new trouble. 1.) During the installation process : $ sudo dnf install selinux-policy-3.14.4-42.fc31.noarch.rpm selinux-policy-targeted-3.14.4-42.fc31.noarch.rpm Last metadata expiration check: 2:21:00 ago on Sa 23 Nov 2019 10:05:52 CET. Dependencies resolved. =============================================================================================================================================================================================== Package Architecture Version Repository Size =============================================================================================================================================================================================== Upgrading: selinux-policy noarch 3.14.4-42.fc31 @commandline 123 k selinux-policy-targeted noarch 3.14.4-42.fc31 @commandline 13 M Transaction Summary =============================================================================================================================================================================================== Upgrade 2 Packages Total size: 13 M Is this ok [y/N]: y Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Running scriptlet: selinux-policy-targeted-3.14.4-42.fc31.noarch 1/1 Preparing : 1/1 Upgrading : selinux-policy-3.14.4-42.fc31.noarch 1/4 Running scriptlet: selinux-policy-3.14.4-42.fc31.noarch 1/4 Running scriptlet: selinux-policy-targeted-3.14.4-42.fc31.noarch 2/4 Upgrading : selinux-policy-targeted-3.14.4-42.fc31.noarch 2/4 Running scriptlet: selinux-policy-targeted-3.14.4-42.fc31.noarch 2/4 Conflicting name type transition rules Binary policy creation failed at /var/lib/selinux/targeted/tmp/modules/200/container/cil:1786 Failed to generate binary 2.) After the installation process : SELinux is preventing restorecon from using the mac_admin capability. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that restorecon should have the mac_admin capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'restorecon' --raw | audit2allow -M my-restorecon # semodule -X 300 -i my-restorecon.pp 3.) After the reboot of the system : SELinux is preventing (m-helper) from execute access on the file /usr/libexec/flatpak-system-helper. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that (m-helper) should be allowed execute access on the flatpak-system-helper file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(m-helper)' --raw | audit2allow -M my-mhelper # semodule -X 300 -i my-mhelper.pp
Similar problem has been detected: Back from suspend mode hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'append' accesses on the fichier chrony.servers.enp4s0. type: libreport
Similar problem has been detected: Waking up laptop from sleep hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp2s0. type: libreport
Similar problem has been detected: Problem occurred during system boot. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'create' accesses on the file chrony.servers.ens1f0. type: libreport
Similar problem has been detected: Steps to reproduce: connect to wifi. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp2s0. type: libreport
*** Bug 1776386 has been marked as a duplicate of this bug. ***
Similar problem has been detected: I resumed the laptop after it was suspended to RAM and this alert popped up. I don't get this every time, though, so I don't know what circumstances trigger the error. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp58s0. type: libreport
Similar problem has been detected: Login into a locked Gnome session after computer wakes up from suspend hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp61s0. type: libreport
Similar problem has been detected: I didn't notice anything but AVC notification. dhclient however should be able to modify chrony's sources. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.enp0s31f6. type: libreport
*** Bug 1777023 has been marked as a duplicate of this bug. ***
Similar problem has been detected: Shows up in SELinux Alert Browser hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'append' accesses on the file /var/lib/dhclient/chrony.servers.wlp2s0. type: libreport
Similar problem has been detected: Not sure, but an alert seems to be generated about once per day since upgrading to Fedora 31 from 30. hashmarkername: setroubleshoot kernel: 5.3.12-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.enp12s0. type: libreport
Similar problem has been detected: Experience this issue since installing Snap or since updating Fedora from v30 to v31 hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'create' accesses on the file chrony.servers.eno1. type: libreport
Similar problem has been detected: Happened randomly in background while working with probably unrelated Java applications. hashmarkername: setroubleshoot kernel: 5.3.12-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the Verzeichnis chrony.servers.enp3s0. type: libreport
Similar problem has been detected: It would just happen on it's own occasionally after connecting to a wifi network hashmarkername: setroubleshoot kernel: 5.3.7-301.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp3s0. type: libreport
Similar problem has been detected: This popped up overnight after applying updates to fc31. I suspect it may be related to the fact that my dhcpd instance is configured to provide NTP servers to the subnet. hashmarkername: setroubleshoot kernel: 5.3.12-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp59s0. type: libreport
Similar problem has been detected: Happened randomly in background hashmarkername: setroubleshoot kernel: 5.3.12-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the Verzeichnis chrony.servers.enp3s0. type: libreport
Similar problem has been detected: Duplicate of bug 1770698? No WIFI installed in my computer, only connected via LAN. Apart from the error message no misbehaviour. hashmarkername: setroubleshoot kernel: 5.3.12-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the Verzeichnis chrony.servers.enp2s0. type: libreport
Hi all, It looks like you are reporting the same issue as is described in this bug. It should be addressed with the next selinux-policy package update.
Similar problem has been detected: Just started happening, lots of selinux reports. hashmarkername: setroubleshoot kernel: 5.4.0-0.rc8.git0.1.fc32.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'append' accesses on the file /var/lib/dhclient/chrony.servers.wlp4s0. type: libreport
Similar problem has been detected: Shortly after a dnf upgrade (correlation is only anecdotal), I started getting these warnings. I did not change anything myself on the system that should affect this issue. hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.enp11s0f0. type: libreport
*** Bug 1779032 has been marked as a duplicate of this bug. ***
Similar problem has been detected: This happens on every DHCP renew hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.bridge0. type: libreport
Similar problem has been detected: SELinux denial is appearing randomly after a while the system is up and running. hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp4s0. type: libreport
Similar problem has been detected: in boot phase hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the diretório chrony.servers.wlp2s0. type: libreport
Just wondering, how did a bug such as this, that affects sooooo many people escape QA?
(In reply to Brian J. Murrell from comment #54) > Just wondering, how did a bug such as this, that affects sooooo many people escape QA? It didn't. All of us are the QA in Fedora. :-) Seriously, it was actually an update to dhcp-client package that broke this and selinux-policy packagers get keep the pieces. In the process of fixing this, they created a different problem for some, which then caused the update to get obsoleted (https://bodhi.fedoraproject.org/updates/FEDORA-2019-fefda9dd5e), which then meant back to the drawing board. In the meantime, dhcp-client package made it to stable and the rest is history.
Fun times, I guess.
I have tested the latest version 3.14.4-43.fc31 (https://koji.fedoraproject.org/koji/buildinfo?buildID=1418803). Unfortunately no difference to what I've reported here : https://bugzilla.redhat.com/show_bug.cgi?id=1770698#c29
Similar problem has been detected: I suppose it happens if the DHCP server provides NTP servers hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp2s0b1. type: libreport
I'm getting this every couple minutes: SELinux is preventing 11-dhclient from add_name access on the directory chrony.servers.wlp2s0. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that 11-dhclient should be allowed add_name access on the chrony.servers.wlp2s0 directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '11-dhclient' --raw | audit2allow -M my-11dhclient # semodule -X 300 -i my-11dhclient.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:object_r:dhcpc_state_t:s0 Target Objects chrony.servers.wlp2s0 [ dir ] Source 11-dhclient Source Path 11-dhclient Port <Unknown> Host carbon Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.4-40.fc31.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name carbon Platform Linux carbon 5.3.7-301.fc31.x86_64 #1 SMP Mon Oct 21 19:18:58 UTC 2019 x86_64 x86_64 Alert Count 8 First Seen 2019-12-04 09:16:34 CET Last Seen 2019-12-04 10:04:35 CET Local ID 2374ba17-aac5-4419-aeed-4d45583489bb Raw Audit Messages type=AVC msg=audit(1575450275.609:11600): avc: denied { add_name } for pid=3914605 comm="11-dhclient" name="chrony.servers.wlp2s0" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir permissive=0 Hash: 11-dhclient,NetworkManager_t,dhcpc_state_t,dir,add_name This is ON_QA, but the update was unpushed.
Similar problem has been detected: Logging in / getting an IP on a new network hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.wlp4s0. type: libreport
Similar problem has been detected: The AVC denial report seems to randomly pop up. especially when surfing the web. hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the directory chrony.servers.enp4s0. type: libreport
Similar problem has been detected: This started to happen regurarly after Fedora 30 -> 31 upgrade hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'add_name' accesses on the adresář chrony.servers.wlp2s0. type: libreport
container-selinux-2.123.0-2.fc31, selinux-policy-3.14.4-43.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-fefda9dd5e
Similar problem has been detected: NetworkManager connection to a wifi network causes this. hashmarkername: setroubleshoot kernel: 5.3.13-300.fc31.x86_64 reason: SELinux is preventing 11-dhclient from 'append' accesses on the file chrony.servers.wlan0. type: libreport
Similar problem has been detected: It just keeps popping up. Why is it alerting on my dhcp client? Makes no sense. hashmarkername: setroubleshoot kernel: 5.3.11-300.fc31.x86_64 package: selinux-policy-3.14.4-40.fc31.noarch reason: SELinux is preventing 11-dhclient from 'append' accesses on the file chrony.servers.wlp1s0. type: libreport
container-selinux-2.123.0-2.fc31, selinux-policy-3.14.4-43.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.