Description of problem: SELinux is preventing genie-daemon from 'watch' accesses on the directory /root/distrs/inside/Модули бизнес-логики/openpyxl/openpyxl306/chart/__pycache__. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /root/distrs/inside/Модули бизнес-логики/openpyxl/openpyxl306/chart/__pycache__ default label should be admin_home_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /root/distrs/inside/Модули бизнес-логики/openpyxl/openpyxl306/chart/__pycache__ ***** Plugin catchall (1.49 confidence) suggests ************************** If you believe that genie-daemon should be allowed watch access on the __pycache__ directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'genie-daemon' --raw | audit2allow -M my-geniedaemon # semodule -X 300 -i my-geniedaemon.pp Additional Information: Source Context system_u:system_r:container_t:s0:c623,c904 Target Context system_u:object_r:fusefs_t:s0 Target Objects /root/distrs/inside/Модули бизнес- логики/openpyxl/openpyxl306/chart/__pycache__ [ dir ] Source genie-daemon Source Path genie-daemon Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.8-1.fc35.noarch Local Policy RPM selinux-policy-targeted-3.14.8-1.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.11.0-0.rc7.20210212git291009f656 e8.151.fc35.x86_64 #1 SMP Sat Feb 13 01:01:00 +05 2021 x86_64 x86_64 Alert Count 4 First Seen 2021-02-15 10:22:40 +05 Last Seen 2021-02-15 10:28:58 +05 Local ID 33c1b2c9-86fd-43f7-a8a5-fd44261b34e3 Raw Audit Messages type=AVC msg=audit(1613366938.483:872): avc: denied { watch } for pid=83899 comm="genie-daemon" path=2F726F6F742F6469737472732F696E736964652FD09CD0BED0B4D183D0BBD0B820D0B1D0B8D0B7D0BDD0B5D1812DD0BBD0BED0B3D0B8D0BAD0B82F6F70656E7079786C2F6F70656E7079786C3330362F63686172742F5F5F707963616368655F5F dev="fuse" ino=155209791 scontext=system_u:system_r:container_t:s0:c623,c904 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir permissive=1 Hash: genie-daemon,container_t,fusefs_t,dir,watch Version-Release number of selected component: selinux-policy-targeted-3.14.8-1.fc35.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.11.0-0.rc7.20210212git291009f656e8.151.fc35.x86_64 type: libreport
This bug appears to have been reported against 'rawhide' during the Fedora 35 development cycle. Changing version to 35.
*** This bug has been marked as a duplicate of bug 1928599 ***