Description of problem: # sudo traceroute -I www.redhat.com SELinux is preventing traceroute from 'node_bind' accesses on the icmp_socket labeled node_t. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that traceroute should be allowed node_bind access on icmp_socket labeled node_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'traceroute' --raw | audit2allow -M my-traceroute # semodule -X 300 -i my-traceroute.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context system_u:object_r:node_t:s0 Target Objects Unknown [ icmp_socket ] Source traceroute Source Path traceroute Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.5-40.fc32.noarch Local Policy RPM selinux-policy-targeted-3.14.5-40.fc32.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.6.16-300.fc32.x86_64 #1 SMP Thu Jun 4 18:08:38 UTC 2020 x86_64 x86_64 Alert Count 4 First Seen 2020-03-23 16:37:37 CET Last Seen 2020-06-30 14:36:42 CEST Local ID d7cac75e-2c5a-4e60-98bc-cd8d8b7bb825 Raw Audit Messages type=AVC msg=audit(1593520602.985:8850): avc: denied { node_bind } for pid=1129204 comm="traceroute" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=icmp_socket permissive=0 Hash: traceroute,unconfined_t,node_t,icmp_socket,node_bind Version-Release number of selected component: selinux-policy-targeted-3.14.5-40.fc32.noarch Additional info: component: selinux-policy reporter: libreport-2.13.1 hashmarkername: setroubleshoot kernel: 5.6.16-300.fc32.x86_64 type: libreport Potential duplicate: bug 1810403
*** This bug has been marked as a duplicate of bug 1848929 ***