Bug 1956086 - SELinux is preventing mktemp from using the dac_read_search capability.
Status: NEW
Alias: None
Product: Fedora Modules
Classification: Fedora
Component: setools
Version: unspecified
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Vit Mojzis
QA Contact: Fedora Extras Quality Assurance
Reported: 2021-05-02 16:27 UTC by Jeff
Modified: 2021-05-02 16:41 UTC

Type: Bug


Attachments
The SELinux error (38.22 KB, image/png), 2021-05-02 16:27 UTC, Jeff

Description Jeff 2021-05-02 16:27:21 UTC
Created attachment 1778609
The SELinux error

Description of problem:
SELinux gave me the above message with this suggested action in the details.
"Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla."

I followed the suggested steps with this result.
"[root@eagle lib]# auditctl -w /etc/shadow -p w
[root@eagle lib]# ausearch -m avc -ts recent
<no matches>"

Version-Release number of selected component (if applicable):

4.3.0-5.fc33

How reproducible:

wait and the report returns

Steps to Reproduce:

1. Uncertain since the error appears automatically.  

Actual results:

SELinux error appears at about 3:45 AM local time

Expected results:

No SELinux errors

Additional info:

My system is running with SELinux in permissive mode, and is daily updated.  This error has appeared many times in the past several days. I have to keep clearing the alerts.
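
The suggested action quoted in the report turns on whether a PATH record accompanies the AVC denial. The following is an added example, not part of the original report or of any Fedora tool: it groups raw audit records by event and lists each `dac_read_search` denial for `mktemp` together with any PATH records from the same event. The log lines, the `example_t` domain, the path and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in raw audit.log format; every value is invented for
# illustration (example_t, paths, pids), none is taken from the bug report.
SAMPLE = """\
type=AVC msg=audit(1619941500.101:901): avc:  denied  { dac_read_search } for  pid=4242 comm="mktemp" capability=2  scontext=system_u:system_r:example_t:s0 tcontext=system_u:system_r:example_t:s0 tclass=capability permissive=1
type=PATH msg=audit(1619941500.101:901): item=0 name="/var/lib/example" inode=1234 mode=040700 ouid=1000 ogid=1000 nametype=PARENT
type=AVC msg=audit(1619941560.200:902): avc:  denied  { dac_read_search } for  pid=4250 comm="mktemp" capability=2  scontext=system_u:system_r:example_t:s0 tcontext=system_u:system_r:example_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1619941570.300:903): avc:  denied  { read } for  pid=4300 comm="cat" name="x" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+:\d+)\): (.*)$")
PERMS = re.compile(r"\{ ([^}]*) \}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def fields(body):
    """Split the key=value part of a record, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(body)}


def capability_denials(log_text, comm="mktemp", perm="dac_read_search"):
    """Return AVC denials for comm/perm with the PATH records of the same event."""
    events = defaultdict(list)  # "timestamp:serial" -> [(record type, body)]
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            events[m.group(2)].append((m.group(1), m.group(3)))
    findings = []
    for event_id, records in events.items():
        paths = [fields(b) for t, b in records if t == "PATH"]
        for rtype, body in records:
            perms = PERMS.search(body)
            f = fields(body)
            if (rtype == "AVC" and perms and perm in perms.group(1).split()
                    and f.get("comm") == comm and f.get("tclass") == "capability"):
                findings.append({
                    "event": event_id,
                    "scontext": f.get("scontext"),
                    "permissive": f.get("permissive") == "1",
                    # (name, octal mode, owner uid) of each object in the event
                    "paths": [(p.get("name"), p.get("mode"), p.get("ouid")) for p in paths],
                })
    return findings


if __name__ == "__main__":
    for hit in capability_denials(SAMPLE):
        print(hit, "-> check ownership/permissions" if hit["paths"]
              else "-> no PATH record, report the denial")
```

On a live system the same text can come from `ausearch -m avc --raw -ts today`; `-ts recent` only reaches back ten minutes.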

