Description of problem: vnstat.service fails to start Version-Release number of selected component (if applicable): vnstat-2.6-2.el8.x86_64 How reproducible: always Steps to Reproduce: 1. systemctl start vnstat 2. 3. Actual results: Started vnStat network traffic monitor. vnstat.service: Main process exited, code=exited, status=238/STATE_DIRE> vnstat.service: Failed with result 'exit-code'. vnstat.service: Service RestartSec=2s expired, scheduling restart. vnstat.service: Scheduled restart job, restart counter is at 4. Stopped vnStat network traffic monitor. vnstat.service: Start request repeated too quickly. vnstat.service: Failed with result 'exit-code'. Failed to start vnStat network traffic monitor. Expected results: Started vnStat network traffic monitor. Additional info: type=AVC msg=audit(1605321732.552:110422): avc: denied { setattr } for pid=632718 comm="(vnstatd)" name="vnstat" dev="dm-0" ino=34025782 [/var/lib/vnstat] scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:vnstatd_var_lib_t:s0 tclass=dir permissive=0
selinux-policy-targeted-3.14.3-41.el8_2.8.noarch Was updated in Oct 30, 2020 and vnstat was working in Mar 2020.
Fixed with local policy: module vnstat_local 1.0; require { type vnstatd_var_lib_t; type init_t; class dir { setattr read mounton }; } #============= init_t ============== allow init_t vnstatd_var_lib_t:dir { setattr read mounton }; When vnstatd is running, /proc/<pid>/mountinfo contains: 1358 1356 253:0 /var/lib/vnstat /var/lib/vnstat rw,relatime shared:594 master:1 - xfs /dev/mapper/vg_ffx-root rw,seclabel,attr2,inode64,noquota So bug seems to be on CentOS end.