Description of problem: SELinux is preventing sudo from 'getattr' accesses on the filesystem /proc. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sudo should be allowed getattr access on the proc filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'sudo' --raw | audit2allow -M my-sudo # semodule -X 300 -i my-sudo.pp Additional Information: Source Context system_u:system_r:procmail_t:s0 Target Context system_u:object_r:proc_t:s0 Target Objects /proc [ filesystem ] Source sudo Source Path sudo Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM <Unknown> Local Policy RPM selinux-policy-targeted-3.14.6-29.fc33.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.8.16-300.fc33.x86_64 #1 SMP Mon Oct 19 13:18:33 UTC 2020 x86_64 x86_64 Alert Count 1 First Seen 2020-10-28 11:06:44 EDT Last Seen 2020-10-28 11:06:44 EDT Local ID 2adc410d-d3f4-453a-a7f3-61cf63b3a7b4 Raw Audit Messages type=AVC msg=audit(1603897604.654:1325): avc: denied { getattr } for pid=131999 comm="sudo" name="/" dev="proc" ino=1 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=1 Hash: sudo,procmail_t,proc_t,filesystem,getattr Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.8.16-300.fc33.x86_64 type: libreport
This access needs to be allowed for the domain attribute.
*** Bug 1908122 has been marked as a duplicate of this bug. ***
*** Bug 1911395 has been marked as a duplicate of this bug. ***
*** Bug 1911435 has been marked as a duplicate of this bug. ***
I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/527
Similar problem has been detected: Not really sure at all? I am trying to get Pidgin IM to open on its own as well as with Matrix Plugins and others. All my hunches are pure speculation. Maybe something to do with Cheese Libraries? hashmarkername: setroubleshoot kernel: 5.10.0-0.rc6.20201204git34816d20f173.92.fc34.x86_64 package: selinux-policy-targeted-3.14.7-13.fc34.noarch reason: SELinux is preventing systemctl from 'getattr' accesses on the filesystem /proc. type: libreport
Merged: commit d58c107591c0f99ee8003221296f998ad75d8148 (HEAD -> f33, upstream/f33) Author: Zdenek Pytela <zpytela> Date: Mon Jan 4 19:50:49 2021 +0100 Allow domain stat /proc filesystem Resolves: rhbz#1892401
Similar problem has been detected: No idea what happened. I went for a walk and came home and my system was powered off. When I left home for my walk it all was spinning fine. How it powered off I do not know? hashmarkername: setroubleshoot kernel: 5.10.0-0.rc6.20201204git34816d20f173.92.fc34.x86_64 package: selinux-policy-targeted-3.14.7-13.fc34.noarch reason: SELinux is preventing systemctl from 'getattr' accesses on the filesystem /proc. type: libreport
FEDORA-2021-6030ff881c has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-6030ff881c
FEDORA-2021-6030ff881c has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-6030ff881c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-6030ff881c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-6030ff881c has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
*** This bug has been marked as a duplicate of bug 1967125 ***
Note this is a Fedora bz.