Description of problem: type=AVC msg=audit(1575717011.282:874): avc: denied { write } for pid=11029 comm="7_dirty_io_sche" name="rabbitmq.config" dev="nvme1n1p4" ino=7077995 scontext=system_u:system_r:rabbitmq_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. Version-Release number of selected component (if applicable): selinux-policy-3.14.4-40.fc31.noarch How reproducible: Install rabbitmq-server and start it Steps to Reproduce: 1. Install rabbitmq-server 2. Start 3. Observe logs Actual results: AVC denied error Expected results: No AVC denied error Additional info: audit2allow output #============= rabbitmq_t ============== allow rabbitmq_t etc_t:file write;
It will be fixed in the selinux-policy packages. RP: https://github.com/fedora-selinux/selinux-policy-contrib/pull/179
commit 43e2de656ea04a4309c98039a1fcddf416ef6dba (HEAD -> rawhide, origin/rawhide, origin/HEAD) Author: Richard Filo <rfilo> Date: Tue Dec 17 16:13:53 2019 +0100 Add new file context rabbitmq_conf_t. The rabbitmq_conf_t is context for configuration files. Allow rabbitmq_t domain to manage files and dirs labled rabbitmq_conf_t. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1780824
selinux-policy-3.14.4-44.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-397eea28b7
selinux-policy-3.14.4-44.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.