Description of problem:
Opening a VPN that sets the DNS. Those resources go into /etc/resolv.conf

SELinux is preventing openfortivpn from 'write' accesses on the file resolv.conf.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that openfortivpn should be allowed write access on the resolv.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'openfortivpn' --raw | audit2allow -M my-openfortivpn
# semodule -X 300 -i my-openfortivpn.pp

Additional Information:
Source Context                system_u:system_r:openfortivpn_t:s0
Target Context                system_u:object_r:net_conf_t:s0
Target Objects                resolv.conf [ file ]
Source                        openfortivpn
Source Path                   openfortivpn
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.3.16-300.fc31.x86_64 #1 SMP Fri Dec 13 17:59:04 UTC 2019 x86_64 x86_64
Alert Count                   1
First Seen                    2020-01-08 09:03:34 CET
Last Seen                     2020-01-08 09:03:34 CET
Local ID                      25babccf-661a-4a19-ae3e-f63c9eba106c

Raw Audit Messages
type=AVC msg=audit(1578470614.565:373): avc:  denied  { write } for  pid=209261 comm="openfortivpn" name="resolv.conf" dev="dm-0" ino=263282 scontext=system_u:system_r:openfortivpn_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=file permissive=0

Hash: openfortivpn,openfortivpn_t,net_conf_t,file,write

Additional info:
component:      selinux-policy
reporter:       libreport-2.11.3
hashmarkername: setroubleshoot
kernel:         5.3.16-300.fc31.x86_64
type:           libreport

Potential duplicate: bug 1787944
*** This bug has been marked as a duplicate of bug 1787944 ***