Description of problem: This show up when I rebooted. This shows up after any restart. SELinux is preventing cupsd from 'search' accesses on the directory /sys/fs/cgroup. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that cupsd should be allowed search access on the cgroup directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'cupsd' --raw | audit2allow -M my-cupsd # semodule -X 300 -i my-cupsd.pp Additional Information: Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:object_r:cgroup_t:s0 Target Objects /sys/fs/cgroup [ dir ] Source cupsd Source Path cupsd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.7-24.fc34.noarch Local Policy RPM selinux-policy-targeted-3.14.7-24.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.11.2-300.fc34.x86_64 #1 SMP Fri Feb 26 17:05:35 UTC 2021 x86_64 x86_64 Alert Count 1 First Seen 2021-03-04 08:20:22 EST Last Seen 2021-03-04 08:20:22 EST Local ID 5696e7aa-f189-49bd-9130-90aee4984594 Raw Audit Messages type=AVC msg=audit(1614864022.396:648): avc: denied { search } for pid=798 comm="cupsd" name="/" dev="cgroup2" ino=1 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=0 Hash: cupsd,cupsd_t,cgroup_t,dir,search Version-Release number of selected component: selinux-policy-targeted-3.14.7-24.fc34.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.11.2-300.fc34.x86_64 type: libreport
Similar problem has been detected: I added a user and the notification came up. The user was set as Admin and a password was filled in. hashmarkername: setroubleshoot kernel: 5.11.3-300.fc34.x86_64 package: selinux-policy-targeted-3.14.7-25.fc34.noarch reason: SELinux is preventing cupsd from 'search' accesses on the directory /sys/fs/cgroup. type: libreport
The same seems to apply to cups-browsed: type=AVC msg=audit(1616597309.181:508): avc: denied { search } for pid=1122 comm="cups-browsed" name="/" dev="cgroup2" ino=1 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=0
*** Bug 1942577 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 1944597 ***