Description of problem: SELinux is preventing pcscd from 'sys_ptrace' accesses on the cap_userns labeled pcscd_t. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pcscd should be allowed sys_ptrace access on cap_userns labeled pcscd_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pcscd' --raw | audit2allow -M my-pcscd # semodule -X 300 -i my-pcscd.pp Additional Information: Source Context system_u:system_r:pcscd_t:s0 Target Context system_u:system_r:pcscd_t:s0 Target Objects Unknown [ cap_userns ] Source pcscd Source Path pcscd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.6-39.fc33.noarch Local Policy RPM selinux-policy-targeted-3.14.6-39.fc33.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.13.4-100.fc33.x86_64 #1 SMP Tue Jul 20 22:25:05 UTC 2021 x86_64 x86_64 Alert Count 1 First Seen 2021-07-27 18:16:07 AWST Last Seen 2021-07-27 18:16:07 AWST Local ID d29becc1-e3b7-416d-93b2-f68d1a3ab17e Raw Audit Messages type=AVC msg=audit(1627380967.984:289): avc: denied { sys_ptrace } for pid=1204 comm="pcscd" capability=19 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:system_r:pcscd_t:s0 tclass=cap_userns permissive=1 Hash: pcscd,pcscd_t,pcscd_t,cap_userns,sys_ptrace Version-Release number of selected component: selinux-policy-targeted-3.14.6-39.fc33.noarch Additional info: component: selinux-policy reporter: libreport-2.15.2 hashmarkername: setroubleshoot kernel: 5.13.12-100.fc33.x86_64 type: libreport Potential duplicate: bug 1985823
*** This bug has been marked as a duplicate of bug 1985823 ***