Description of problem:
SELinux is preventing modprobe from 'confidentiality' accesses on the lockdown Unknown.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that modprobe should be allowed confidentiality access on the Unknown lockdown by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'modprobe' --raw | audit2allow -M my-$MODULE_NOME
# semodule -X 300 -i miei-modprobe.pp

Additional Information:
Source Context                system_u:system_r:unconfined_service_t:s0
Target Context                system_u:system_r:unconfined_service_t:s0
Target Objects                Unknown [ lockdown ]
Source                        modprobe
Source Path                   modprobe
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-34.3-1.fc34.noarch
Local Policy RPM              selinux-policy-targeted-34.3-1.fc34.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.11.16-300.fc34.x86_64 #1 SMP Wed Apr 21 13:18:33 UTC 2021 x86_64 x86_64
Alert Count                   550
First Seen                    2021-05-01 10:42:31 CEST
Last Seen                     2021-05-01 10:42:31 CEST
Local ID                      9790b3b3-20a8-47cf-af12-a782631940ca

Raw Audit Messages
type=AVC msg=audit(1619858551.397:2089): avc: denied { confidentiality } for pid=549301 comm="modprobe" lockdown_reason="use of tracefs" scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=lockdown permissive=0

Hash: modprobe,unconfined_service_t,unconfined_service_t,lockdown,confidentiality

Version-Release number of selected component:
selinux-policy-targeted-34.3-1.fc34.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.14.0
hashmarkername: setroubleshoot
kernel:         5.11.16-300.fc34.x86_64
type:           libreport
Similar problem has been detected:

Alert appearing at login following update from Fedora 33 -> 34 following the docs (https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/). In particular, issued `sudo fixfiles -B onboot`.

hashmarkername: setroubleshoot
kernel:         5.11.16-300.fc34.x86_64
reason:         SELinux is preventing modprobe from 'confidentiality' accesses on the lockdown labeled unconfined_service_t.
type:           libreport