Description of problem: The fapolicyd policy module shipped in fapolicyd-selinux package does not define a file context pattern for /run/fapolicyd.pid file. # semanage fcontext -l | grep fapolicyd_var_run_t /var/run/fapolicyd(/.*)? all files system_u:object_r:fapolicyd_var_run_t:s0 # It's a good practice to define file context pattern also for PID files. Majority of policy modules define file context patterns for PID files, which are associated with services confined by those policy modules. The rest of PID files end up with <<None>> which means that their SELinux context cannot be repaired (via restorecon or auto-relabel) if the file-system gets mislabeled. # semanage fcontext -l | grep pid | grep -i none /run/.*\.*pid all files <<None>> /var/run/.*\.*pid all files <<None>> # Version-Release number of selected component (if applicable): fapolicyd-0.9.4-1.fc32.x86_64 fapolicyd-selinux-0.9.4-1.fc32.noarch selinux-policy-3.14.5-38.fc32.noarch selinux-policy-devel-3.14.5-38.fc32.noarch selinux-policy-doc-3.14.5-38.fc32.noarch selinux-policy-targeted-3.14.5-38.fc32.noarch How reproducible: * always Steps to Reproduce: 1. get a Fedora 31 or 32 machine (targeted policy is active) 2. start the fapolicyd service Actual results: # matchpathcon /run/fapolicyd.pid /var/run/fapolicyd.pid <<none>> # Expected results: # matchpathcon /run/fapolicyd.pid /var/run/fapolicyd.pid system_u:object_r:fapolicyd_var_run_t:s0 #
FEDORA-2020-f4711939b6 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-f4711939b6
FEDORA-2020-50e464eff0 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-50e464eff0
FEDORA-2020-50e464eff0 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-50e464eff0` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-50e464eff0 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-f4711939b6 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-f4711939b6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-f4711939b6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-f4711939b6 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-50e464eff0 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.