Description of problem: logrotate should have access to rotate akmods logs SELinux is preventing logrotate from 'getattr' accesses on the file /var/cache/akmods/akmods.log. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow logrotate to have getattr access on the akmods.log file Then you need to change the label on /var/cache/akmods/akmods.log Do # semanage fcontext -a -t FILE_TYPE '/var/cache/akmods/akmods.log' where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_initrc_exec_t, NetworkManager_log_t, NetworkManager_tmp_t, NetworkManager_unit_file_t, NetworkManager_var_run_t, abrt_dump_oops_exec_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_initrc_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_unit_file_t, abrt_upload_watch_exec_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_log_t, abrt_var_run_t, abrt_watch_log_exec_t, accountsd_exec_t, accountsd_unit_file_t, acct_data_t, acct_exec_t, acct_initrc_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, afs_bosserver_exec_t, afs_exec_t, afs_fsserver_exec_t, afs_initrc_exec_t, afs_kaserver_exec_t, afs_logfile_t, afs_ptserver_exec_t, afs_vlserver_exec_t, aiccu_exec_t, aiccu_initrc_exec_t, aiccu_var_run_t, aide_exec_t, aide_log_t, ajaxterm_exec_t, ajaxterm_initrc_exec_t, ajaxterm_var_run_t, alsa_exec_t, alsa_tmp_t, alsa_unit_file_t, alsa_var_run_t, amanda_exec_t, amanda_inetd_exec_t, amanda_log_t, amanda_recover_exec_t, amanda_tmp_t, amanda_unit_file_t, amtu_exec_t, amtu_initrc_exec_t, anaconda_exec_t, anacron_exec_t, antivirus_exec_t, antivirus_initrc_exec_t, antivirus_log_t, antivirus_tmp_t, antivirus_unit_file_t, antivirus_var_run_t, apcupsd_cgi_script_exec_t, apcupsd_exec_t, apcupsd_initrc_exec_t, apcupsd_log_t, apcupsd_tmp_t, apcupsd_unit_file_t, apcupsd_var_run_t, apm_exec_t, apmd_exec_t, apmd_initrc_exec_t, apmd_log_t, apmd_tmp_t, apmd_unit_file_t, apmd_var_run_t, arpwatch_exec_t, arpwatch_initrc_exec_t, arpwatch_tmp_t, arpwatch_unit_file_t, arpwatch_var_run_t, asterisk_exec_t, asterisk_initrc_exec_t, asterisk_log_t, asterisk_tmp_t, asterisk_var_run_t, audisp_exec_t, audisp_remote_exec_t, audisp_var_run_t, auditadm_sudo_tmp_t, auditctl_exec_t, auditd_exec_t, auditd_initrc_exec_t, auditd_log_t, auditd_tmp_t, auditd_unit_file_t, auditd_var_run_t, auth_cache_t, authconfig_exec_t, automount_exec_t, automount_initrc_exec_t, automount_tmp_t, automount_unit_file_t, automount_var_run_t, avahi_exec_t, avahi_initrc_exec_t, avahi_unit_file_t, avahi_var_run_t, awstats_exec_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_exec_t, bacula_initrc_exec_t, bacula_log_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bacula_var_run_t, bcfg2_exec_t, bcfg2_initrc_exec_t, bcfg2_unit_file_t, bcfg2_var_run_t, bin_t, bitlbee_exec_t, bitlbee_initrc_exec_t, bitlbee_log_t, bitlbee_tmp_t, bitlbee_var_run_t, blkmapd_exec_t, blkmapd_initrc_exec_t, blkmapd_var_run_t, blktap_exec_t, blktap_var_run_t, blueman_exec_t, blueman_tmp_t, blueman_var_run_t, bluetooth_exec_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_initrc_exec_t, bluetooth_tmp_t, bluetooth_unit_file_t, bluetooth_var_run_t, boinc_exec_t, boinc_initrc_exec_t, boinc_log_t, boinc_project_tmp_t, boinc_tmp_t, boinc_unit_file_t, boltd_exec_t, boltd_var_run_t, boot_t, bootloader_exec_t, bootloader_tmp_t, bootloader_var_run_t, brctl_exec_t, brltty_exec_t, brltty_log_t, brltty_unit_file_t, brltty_var_run_t, bugzilla_script_exec_t, bugzilla_tmp_t, bumblebee_exec_t, bumblebee_unit_file_t, bumblebee_var_run_t, cachefilesd_exec_t, cachefilesd_var_run_t, calamaris_exec_t, calamaris_log_t, callweaver_exec_t, callweaver_initrc_exec_t, callweaver_log_t, callweaver_var_run_t, canna_exec_t, canna_initrc_exec_t, canna_log_t, canna_var_run_t, cardctl_exec_t, cardmgr_dev_t, cardmgr_exec_t, cardmgr_var_run_t, ccs_exec_t, ccs_initrc_exec_t, ccs_tmp_t, ccs_var_lib_t, ccs_var_log_t, ccs_var_run_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmaster_exec_t, certmaster_initrc_exec_t, certmaster_var_log_t, certmaster_var_run_t, certmonger_exec_t, certmonger_initrc_exec_t, certmonger_tmp_t, certmonger_unconfined_exec_t, certmonger_unit_file_t, certmonger_var_run_t, certwatch_exec_t, cfengine_execd_exec_t, cfengine_initrc_exec_t, cfengine_log_t, cfengine_monitord_exec_t, cfengine_serverd_exec_t, cgclear_exec_t, cgconfig_exec_t, cgconfig_initrc_exec_t, cgred_exec_t, cgred_initrc_exec_t, cgred_log_t, cgred_var_run_t, cgroup_t, checkpc_exec_t, checkpc_log_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_exec_t, chronyd_initrc_exec_t, chronyd_keys_t, chronyd_tmp_t, chronyd_unit_file_t, chronyd_var_log_t, chronyd_var_run_t, chroot_exec_t, cifs_t, cinder_api_exec_t, cinder_api_tmp_t, cinder_api_unit_file_t, cinder_backup_exec_t, cinder_backup_tmp_t, cinder_backup_unit_file_t, cinder_log_t, cinder_scheduler_exec_t, cinder_scheduler_tmp_t, cinder_scheduler_unit_file_t, cinder_var_run_t, cinder_volume_exec_t, cinder_volume_tmp_t, cinder_volume_unit_file_t, ciped_exec_t, ciped_initrc_exec_t, clogd_exec_t, clogd_var_run_t, cloud_init_exec_t, cloud_init_tmp_t, cloud_init_unit_file_t, cloud_log_t, cluster_conf_t, cluster_exec_t, cluster_initrc_exec_t, cluster_tmp_t, cluster_unit_file_t, cluster_var_lib_t, cluster_var_log_t, cluster_var_run_t, clvmd_exec_t, clvmd_initrc_exec_t, clvmd_var_run_t, cmirrord_exec_t, cmirrord_initrc_exec_t, cmirrord_var_run_t, cobbler_tmp_t, cobbler_var_log_t, cobblerd_exec_t, cobblerd_initrc_exec_t, cockpit_session_exec_t, cockpit_tmp_t, cockpit_tmpfs_t, cockpit_unit_file_t, cockpit_var_run_t, cockpit_ws_exec_t, collectd_exec_t, collectd_initrc_exec_t, collectd_log_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, collectd_unit_file_t, collectd_var_run_t, colord_exec_t, colord_tmp_t, colord_unit_file_t, comsat_exec_t, comsat_tmp_t, comsat_var_run_t, condor_collector_exec_t, condor_initrc_exec_t, condor_log_t, condor_master_exec_t, condor_master_tmp_t, condor_negotiator_exec_t, condor_procd_exec_t, condor_schedd_exec_t, condor_schedd_tmp_t, condor_startd_exec_t, condor_startd_tmp_t, condor_unit_file_t, condor_var_run_t, conman_exec_t, conman_log_t, conman_tmp_t, conman_unconfined_script_exec_t, conman_unit_file_t, conman_var_run_t, conntrackd_exec_t, conntrackd_initrc_exec_t, conntrackd_log_t, conntrackd_unit_file_t, conntrackd_var_run_t, consolehelper_exec_t, consolekit_exec_t, consolekit_log_t, consolekit_unit_file_t, consolekit_var_run_t, container_auth_exec_t, container_file_t, container_kvm_var_run_t, container_log_t, container_plugin_var_run_t, container_runtime_exec_t, container_runtime_tmp_t, container_unit_file_t, container_var_run_t, couchdb_exec_t, couchdb_initrc_exec_t, couchdb_log_t, couchdb_tmp_t, couchdb_unit_file_t, couchdb_var_run_t, courier_authdaemon_exec_t, courier_exec_t, courier_pcp_exec_t, courier_pop_exec_t, courier_sqwebmail_exec_t, courier_tcpd_exec_t, courier_var_run_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuplug_exec_t, cpuplug_initrc_exec_t, cpuplug_var_run_t, cpuspeed_exec_t, cpuspeed_var_run_t, crack_exec_t, crack_tmp_t, cron_log_t, cron_var_run_t, crond_exec_t, crond_initrc_exec_t, crond_tmp_t, crond_unit_file_t, crond_var_run_t, crontab_exec_t, crontab_tmp_t, ctdbd_exec_t, ctdbd_initrc_exec_t, ctdbd_log_t, ctdbd_tmp_t, ctdbd_var_run_t, cups_pdf_exec_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_config_var_run_t, cupsd_exec_t, cupsd_initrc_exec_t, cupsd_log_t, cupsd_lpd_exec_t, cupsd_lpd_tmp_t, cupsd_lpd_var_run_t, cupsd_tmp_t, cupsd_unit_file_t, cupsd_var_run_t, cvs_exec_t, cvs_initrc_exec_t, cvs_script_exec_t, cvs_tmp_t, cvs_var_run_t, cyphesis_exec_t, cyphesis_initrc_exec_t, cyphesis_log_t, cyphesis_tmp_t, cyphesis_var_run_t, cyrus_exec_t, cyrus_initrc_exec_t, cyrus_tmp_t, cyrus_var_run_t, dbadm_sudo_tmp_t, dbskkd_exec_t, dbskkd_tmp_t, dbskkd_var_run_t, dbusd_etc_t, dbusd_exec_t, dbusd_unit_file_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dcc_var_run_t, dccd_exec_t, dccd_tmp_t, dccd_var_run_t, dccifd_exec_t, dccifd_tmp_t, dccifd_var_run_t, dccm_exec_t, dccm_tmp_t, dccm_var_run_t, dcerpcd_exec_t, dcerpcd_var_run_t, ddclient_exec_t, ddclient_initrc_exec_t, ddclient_log_t, ddclient_tmp_t, ddclient_var_run_t, debuginfo_exec_t, deltacloudd_exec_t, deltacloudd_log_t, deltacloudd_tmp_t, deltacloudd_var_run_t, denyhosts_exec_t, denyhosts_initrc_exec_t, denyhosts_var_log_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, devicekit_var_log_t, devicekit_var_run_t, dhcpc_exec_t, dhcpc_helper_exec_t, dhcpc_tmp_t, dhcpc_var_run_t, dhcpd_exec_t, dhcpd_initrc_exec_t, dhcpd_tmp_t, dhcpd_unit_file_t, dhcpd_var_run_t, dictd_exec_t, dictd_initrc_exec_t, dictd_var_run_t, dirsrv_exec_t, dirsrv_snmp_exec_t, dirsrv_snmp_var_log_t, dirsrv_snmp_var_run_t, dirsrv_tmp_t, dirsrv_unit_file_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_exec_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, dirsrvadmin_unit_file_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_data_t, dkim_milter_exec_t, dkim_milter_tmp_t, dlm_controld_exec_t, dlm_controld_initrc_exec_t, dlm_controld_var_log_t, dlm_controld_var_run_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_exec_t, dnsmasq_initrc_exec_t, dnsmasq_tmp_t, dnsmasq_unit_file_t, dnsmasq_var_log_t, dnsmasq_var_run_t, dnssec_trigger_exec_t, dnssec_trigger_tmp_t, dnssec_trigger_unit_file_t, dnssec_trigger_var_run_t, dovecot_auth_exec_t, dovecot_auth_tmp_t, dovecot_deliver_exec_t, dovecot_deliver_tmp_t, dovecot_exec_t, dovecot_initrc_exec_t, dovecot_tmp_t, dovecot_var_log_t, dovecot_var_run_t, drbd_exec_t, drbd_initrc_exec_t, drbd_tmp_t, drbd_var_run_t, dspam_exec_t, dspam_initrc_exec_t, dspam_log_t, dspam_script_exec_t, dspam_var_run_t, efivarfs_t, entropyd_exec_t, entropyd_initrc_exec_t, entropyd_var_run_t, etc_runtime_t, etc_t, eventlogd_exec_t, eventlogd_var_run_t, evtchnd_exec_t, evtchnd_var_log_t, evtchnd_var_run_t, exim_exec_t, exim_initrc_exec_t, exim_log_t, exim_tmp_t, exim_var_run_t, fail2ban_client_exec_t, fail2ban_exec_t, fail2ban_initrc_exec_t, fail2ban_log_t, fail2ban_tmp_t, fail2ban_var_lib_t, fail2ban_var_run_t, faillog_t, fcoemon_exec_t, fcoemon_initrc_exec_t, fcoemon_var_run_t, fenced_exec_t, fenced_tmp_t, fenced_var_log_t, fenced_var_run_t, fetchmail_exec_t, fetchmail_initrc_exec_t, fetchmail_log_t, fetchmail_var_run_t, file_context_t, fingerd_exec_t, fingerd_log_t, fingerd_var_run_t, firewalld_exec_t, firewalld_initrc_exec_t, firewalld_tmp_t, firewalld_unit_file_t, firewalld_var_log_t, firewalld_var_run_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, flatpak_helper_exec_t, foghorn_exec_t, foghorn_initrc_exec_t, foghorn_var_log_t, foghorn_var_run_t, fonts_cache_t, fonts_t, fprintd_exec_t, fprintd_tmp_t, freeipmi_bmc_watchdog_exec_t, freeipmi_bmc_watchdog_unit_file_t, freeipmi_bmc_watchdog_var_run_t, freeipmi_ipmidetectd_exec_t, freeipmi_ipmidetectd_unit_file_t, freeipmi_ipmidetectd_var_run_t, freeipmi_ipmiseld_exec_t, freeipmi_ipmiseld_unit_file_t, freeipmi_ipmiseld_var_run_t, freqset_exec_t, fsadm_exec_t, fsadm_log_t, fsadm_tmp_t, fsadm_var_run_t, fsdaemon_exec_t, fsdaemon_initrc_exec_t, fsdaemon_tmp_t, fsdaemon_var_run_t, ftpd_exec_t, ftpd_initrc_exec_t, ftpd_tmp_t, ftpd_unit_file_t, ftpd_var_run_t, ftpdctl_exec_t, ftpdctl_tmp_t, fusermount_exec_t, fwupd_exec_t, fwupd_unit_file_t, games_exec_t, games_srv_var_run_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, gdomap_exec_t, gdomap_initrc_exec_t, gdomap_var_run_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_log_t, getty_tmp_t, getty_unit_file_t, getty_var_run_t, gfs_controld_exec_t, gfs_controld_var_log_t, gfs_controld_var_run_t, git_script_exec_t, git_script_tmp_t, gitd_exec_t, gitosis_exec_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_api_exec_t, glance_api_initrc_exec_t, glance_api_unit_file_t, glance_log_t, glance_registry_exec_t, glance_registry_initrc_exec_t, glance_registry_tmp_t, glance_registry_unit_file_t, glance_scrubber_exec_t, glance_scrubber_initrc_exec_t, glance_scrubber_unit_file_t, glance_tmp_t, glance_var_run_t, glusterd_exec_t, glusterd_initrc_exec_t, glusterd_log_t, glusterd_tmp_t, glusterd_var_run_t, gnome_atspi_exec_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_agent_tmpfs_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_exec_t, gpm_initrc_exec_t, gpm_tmp_t, gpm_var_run_t, gpsd_exec_t, gpsd_initrc_exec_t, gpsd_var_run_t, greylist_milter_data_t, greylist_milter_exec_t, groupadd_exec_t, groupd_exec_t, groupd_var_log_t, groupd_var_run_t, gssd_exec_t, gssd_tmp_t, gssproxy_exec_t, gssproxy_unit_file_t, gssproxy_var_run_t, haproxy_exec_t, haproxy_unit_file_t, haproxy_var_log_t, haproxy_var_run_t, hddtemp_exec_t, hddtemp_initrc_exec_t, hostapd_exec_t, hostapd_unit_file_t, hostapd_var_run_t, hostname_etc_t, hostname_exec_t, hsqldb_exec_t, hsqldb_tmp_t, hsqldb_unit_file_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_initrc_exec_t, httpd_log_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_unconfined_script_exec_t, httpd_unit_file_t, httpd_user_script_exec_t, httpd_var_run_t, hwclock_exec_t, hwdata_t, hwloc_dhwd_exec_t, hwloc_dhwd_unit_t, hwloc_var_run_t, hypervkvp_exec_t, hypervkvp_initrc_exec_t, hypervkvp_unit_file_t, hypervvssd_exec_t, hypervvssd_unit_file_t, ibacm_exec_t, ibacm_log_t, ibacm_var_run_t, ica_tmpfs_t, iceauth_exec_t, icecast_exec_t, icecast_initrc_exec_t, icecast_log_t, icecast_var_run_t, ifconfig_exec_t, ifconfig_var_run_t, inetd_child_exec_t, inetd_child_tmp_t, inetd_child_var_run_t, inetd_exec_t, inetd_log_t, inetd_tmp_t, inetd_var_run_t, init_exec_t, init_tmp_t, init_var_run_t, initrc_exec_t, initrc_tmp_t, initrc_var_log_t, initrc_var_run_t, innd_exec_t, innd_initrc_exec_t, innd_log_t, innd_unit_file_t, innd_var_run_t, install_exec_t, iodined_exec_t, iodined_initrc_exec_t, iodined_unit_file_t, iotop_exec_t, ipa_custodia_dmldap_exec_t, ipa_custodia_exec_t, ipa_custodia_log_t, ipa_custodia_pki_tomcat_exec_t, ipa_custodia_ra_agent_exec_t, ipa_custodia_tmp_t, ipa_dnskey_exec_t, ipa_dnskey_unit_file_t, ipa_helper_exec_t, ipa_log_t, ipa_ods_exporter_exec_t, ipa_ods_exporter_unit_file_t, ipa_otpd_exec_t, ipa_otpd_unit_file_t, ipa_tmp_t, ipa_var_run_t, ipmievd_exec_t, ipmievd_helper_exec_t, ipmievd_unit_file_t, ipmievd_var_run_t, ipsec_exec_t, ipsec_initrc_exec_t, ipsec_log_t, ipsec_mgmt_exec_t, ipsec_mgmt_unit_file_t, ipsec_mgmt_var_run_t, ipsec_tmp_t, ipsec_var_run_t, iptables_exec_t, iptables_initrc_exec_t, iptables_tmp_t, iptables_unit_file_t, iptables_var_lib_t, iptables_var_run_t, irc_exec_t, irqbalance_exec_t, irqbalance_initrc_exec_t, irqbalance_var_run_t, irssi_exec_t, iscsi_log_t, iscsi_tmp_t, iscsi_unit_file_t, iscsi_var_run_t, iscsid_exec_t, isnsd_exec_t, isnsd_initrc_exec_t, isnsd_var_run_t, iwhd_exec_t, iwhd_initrc_exec_t, iwhd_log_t, iwhd_var_run_t, jabberd_exec_t, jabberd_initrc_exec_t, jabberd_router_exec_t, jetty_exec_t, jetty_log_t, jetty_tmp_t, jetty_unit_file_t, jetty_var_run_t, jockey_exec_t, jockey_var_log_t, journalctl_exec_t, kadmind_exec_t, kadmind_log_t, kadmind_tmp_t, kadmind_var_run_t, kdump_exec_t, kdump_initrc_exec_t, kdump_unit_file_t, kdumpctl_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_exec_t, keepalived_tmp_t, keepalived_unconfined_script_exec_t, keepalived_unit_file_t, keepalived_var_run_t, kerberos_initrc_exec_t, keyboardd_exec_t, keystone_cgi_script_exec_t, keystone_exec_t, keystone_initrc_exec_t, keystone_log_t, keystone_tmp_t, keystone_unit_file_t, keystone_var_run_t, kismet_exec_t, kismet_initrc_exec_t, kismet_log_t, kismet_tmp_t, kismet_tmpfs_t, kismet_var_run_t, klogd_exec_t, klogd_tmp_t, klogd_var_run_t, kmod_exec_t, kmod_tmp_t, kmod_var_run_t, kmscon_exec_t, kmscon_unit_file_t, kpatch_exec_t, kpropd_exec_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_exec_t, krb5kdc_log_t, krb5kdc_tmp_t, krb5kdc_var_run_t, ksmtuned_exec_t, ksmtuned_initrc_exec_t, ksmtuned_log_t, ksmtuned_unit_file_t, ksmtuned_var_run_t, ktalkd_exec_t, ktalkd_log_t, ktalkd_tmp_t, ktalkd_unit_file_t, l2tpd_exec_t, l2tpd_initrc_exec_t, l2tpd_tmp_t, l2tpd_var_run_t, lastlog_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, likewise_initrc_exec_t, lircd_exec_t, lircd_initrc_exec_t, lircd_var_run_t, livecd_exec_t, livecd_tmp_t, lldpad_exec_t, lldpad_initrc_exec_t, lldpad_var_run_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, locate_var_run_t, lockdev_exec_t, login_exec_t, logrotate_exec_t, logrotate_lock_t, logrotate_mail_tmp_t, logrotate_tmp_t, logrotate_var_lib_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, logwatch_var_run_t, lpd_exec_t, lpd_tmp_t, lpd_var_run_t, lpr_exec_t, lpr_tmp_t, lsassd_exec_t, lsassd_tmp_t, lsassd_var_run_t, lsmd_exec_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lsmd_unit_file_t, lsmd_var_run_t, lttng_sessiond_exec_t, lttng_sessiond_unit_file_t, lttng_sessiond_var_run_t, lvm_exec_t, lvm_tmp_t, lvm_unit_file_t, lvm_var_run_t, lwiod_exec_t, lwiod_var_run_t, lwregd_exec_t, lwregd_var_run_t, lwsmd_exec_t, lwsmd_var_run_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_log_t, mailman_mail_exec_t, mailman_mail_tmp_t, mailman_queue_exec_t, mailman_queue_tmp_t, mailman_var_run_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mandb_exec_t, mcelog_exec_t, mcelog_initrc_exec_t, mcelog_log_t, mcelog_var_run_t, mdadm_exec_t, mdadm_initrc_exec_t, mdadm_log_t, mdadm_tmp_t, mdadm_unit_file_t, mdadm_var_run_t, mediawiki_script_exec_t, mediawiki_tmp_t, memcached_exec_t, memcached_initrc_exec_t, memcached_var_run_t, mencoder_exec_t, minidlna_exec_t, minidlna_initrc_exec_t, minidlna_log_t, minidlna_var_run_t, minissdpd_exec_t, minissdpd_initrc_exec_t, minissdpd_var_run_t, mip6d_exec_t, mip6d_unit_file_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, mock_var_lib_t, mock_var_run_t, modemmanager_exec_t, modemmanager_unit_file_t, mojomojo_script_exec_t, mojomojo_tmp_t, mon_procd_exec_t, mon_statd_exec_t, mon_statd_initrc_exec_t, mon_statd_var_run_t, mongod_exec_t, mongod_initrc_exec_t, mongod_log_t, mongod_tmp_t, mongod_unit_file_t, mongod_var_run_t, motion_exec_t, motion_log_t, motion_unit_file_t, motion_var_run_t, mount_ecryptfs_exec_t, mount_exec_t, mount_tmp_t, mount_var_run_t, mozilla_exec_t, mozilla_plugin_config_exec_t, mozilla_plugin_exec_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_tmp_t, mozilla_tmpfs_t, mpd_exec_t, mpd_initrc_exec_t, mpd_log_t, mpd_tmp_t, mpd_var_run_t, mplayer_exec_t, mplayer_tmpfs_t, mrtg_exec_t, mrtg_initrc_exec_t, mrtg_log_t, mrtg_var_run_t, mscan_exec_t, mscan_initrc_exec_t, mscan_tmp_t, mscan_var_run_t, munin_etc_t, munin_exec_t, munin_initrc_exec_t, munin_log_t, munin_script_exec_t, munin_script_tmp_t, munin_tmp_t, munin_var_run_t, mysqld_etc_t, mysqld_exec_t, mysqld_home_t, mysqld_initrc_exec_t, mysqld_log_t, mysqld_safe_exec_t, mysqld_tmp_t, mysqld_unit_file_t, mysqld_var_run_t, mysqlmanagerd_exec_t, mysqlmanagerd_initrc_exec_t, mysqlmanagerd_var_run_t, mythtv_script_exec_t, mythtv_var_log_t, naemon_exec_t, naemon_initrc_exec_t, naemon_log_t, naemon_var_run_t, nagios_admin_plugin_exec_t, nagios_checkdisk_plugin_exec_t, nagios_eventhandler_plugin_exec_t, nagios_eventhandler_plugin_tmp_t, nagios_exec_t, nagios_initrc_exec_t, nagios_log_t, nagios_mail_plugin_exec_t, nagios_openshift_plugin_exec_t, nagios_openshift_plugin_tmp_t, nagios_script_exec_t, nagios_services_plugin_exec_t, nagios_system_plugin_exec_t, nagios_system_plugin_tmp_t, nagios_tmp_t, nagios_unconfined_plugin_exec_t, nagios_var_run_t, named_cache_t, named_checkconf_exec_t, named_exec_t, named_initrc_exec_t, named_log_t, named_tmp_t, named_unit_file_t, named_var_run_t, namespace_init_exec_t, ncftool_exec_t, ndc_exec_t, net_conf_t, netlabel_mgmt_exec_t, netlabel_mgmt_unit_file_t, netlogond_exec_t, netlogond_var_run_t, netutils_exec_t, netutils_tmp_t, neutron_exec_t, neutron_initrc_exec_t, neutron_log_t, neutron_tmp_t, neutron_unit_file_t, neutron_var_run_t, newrole_exec_t, nfs_t, nfsd_exec_t, nfsd_initrc_exec_t, nfsd_tmp_t, nfsd_unit_file_t, ninfod_exec_t, ninfod_run_t, ninfod_unit_file_t, nis_initrc_exec_t, nis_unit_file_t, nmbd_exec_t, nmbd_var_run_t, nova_exec_t, nova_log_t, nova_tmp_t, nova_unit_file_t, nova_var_run_t, nrpe_exec_t, nrpe_var_run_t, nscd_exec_t, nscd_initrc_exec_t, nscd_log_t, nscd_unit_file_t, nscd_var_run_t, nsd_exec_t, nsd_log_t, nsd_tmp_t, nsd_var_run_t, nslcd_exec_t, nslcd_initrc_exec_t, nslcd_var_run_t, ntop_exec_t, ntop_initrc_exec_t, ntop_tmp_t, ntop_var_run_t, ntpd_exec_t, ntpd_initrc_exec_t, ntpd_log_t, ntpd_tmp_t, ntpd_unit_file_t, ntpd_var_run_t, ntpdate_exec_t, numad_exec_t, numad_unit_file_t, numad_var_log_t, numad_var_run_t, nut_unit_file_t, nut_upsd_exec_t, nut_upsd_tmp_t, nut_upsdrvctl_exec_t, nut_upsdrvctl_tmp_t, nut_upsmon_exec_t, nut_upsmon_tmp_t, nut_var_run_t, nutups_cgi_script_exec_t, nx_server_exec_t, nx_server_tmp_t, nx_server_var_run_t, obex_exec_t, oddjob_exec_t, oddjob_mkhomedir_exec_t, oddjob_unit_file_t, oddjob_var_run_t, opafm_exec_t, opafm_var_run_t, openct_exec_t, openct_initrc_exec_t, openct_var_run_t, opendnssec_exec_t, opendnssec_tmp_t, opendnssec_unit_file_t, opendnssec_var_run_t, openfortivpn_exec_t, openhpid_exec_t, openhpid_initrc_exec_t, openhpid_log_t, openhpid_var_run_t, openshift_app_tmp_t, openshift_cgroup_read_exec_t, openshift_cgroup_read_tmp_t, openshift_cron_exec_t, openshift_cron_tmp_t, openshift_initrc_exec_t, openshift_initrc_tmp_t, openshift_log_t, openshift_net_read_exec_t, openshift_script_exec_t, openshift_tmp_t, openshift_var_lib_t, openshift_var_run_t, opensm_exec_t, opensm_log_t, opensm_unit_file_t, openvpn_exec_t, openvpn_initrc_exec_t, openvpn_status_t, openvpn_tmp_t, openvpn_unconfined_script_exec_t, openvpn_var_log_t, openvpn_var_run_t, openvswitch_exec_t, openvswitch_log_t, openvswitch_tmp_t, openvswitch_unit_file_t, openvswitch_var_run_t, openwsman_exec_t, openwsman_log_t, openwsman_run_t, openwsman_tmp_t, openwsman_unit_file_t, oracleasm_exec_t, oracleasm_initrc_exec_t, oracleasm_tmp_t, osad_exec_t, osad_initrc_exec_t, osad_log_t, osad_var_run_t, pads_exec_t, pads_initrc_exec_t, pads_var_run_t, pam_console_exec_t, pam_timestamp_exec_t, pam_timestamp_tmp_t, pam_var_console_t, pam_var_run_t, passenger_exec_t, passenger_log_t, passenger_tmp_t, passenger_var_run_t, passwd_exec_t, passwd_file_t, pcp_log_t, pcp_plugin_exec_t, pcp_plugin_initrc_exec_t, pcp_pmcd_exec_t, pcp_pmcd_initrc_exec_t, pcp_pmie_exec_t, pcp_pmie_initrc_exec_t, pcp_pmlogger_exec_t, pcp_pmlogger_initrc_exec_t, pcp_pmproxy_exec_t, pcp_pmproxy_initrc_exec_t, pcp_tmp_t, pcp_var_run_t, pcscd_exec_t, pcscd_initrc_exec_t, pcscd_var_run_t, pdns_control_exec_t, pdns_exec_t, pdns_unit_file_t, pdns_var_run_t, pegasus_exec_t, pegasus_openlmi_account_exec_t, pegasus_openlmi_admin_exec_t, pegasus_openlmi_logicalfile_exec_t, pegasus_openlmi_services_exec_t, pegasus_openlmi_storage_exec_t, pegasus_openlmi_storage_tmp_t, pegasus_openlmi_storage_var_run_t, pegasus_openlmi_system_exec_t, pegasus_openlmi_unconfined_exec_t, pegasus_tmp_t, pegasus_var_run_t, pesign_exec_t, pesign_tmp_t, pesign_unit_file_t, pesign_var_run_t, phc2sys_exec_t, phc2sys_unit_file_t, pinentry_exec_t, ping_exec_t, pingd_exec_t, pingd_initrc_exec_t, piranha_fos_exec_t, piranha_fos_var_run_t, piranha_log_t, piranha_lvs_exec_t, piranha_lvs_var_run_t, piranha_pulse_exec_t, piranha_pulse_initrc_exec_t, piranha_pulse_var_run_t, piranha_web_exec_t, piranha_web_tmp_t, piranha_web_var_run_t, pkcs11_modules_conf_t, pkcs11proxyd_exec_t, pkcs11proxyd_unit_file_t, pkcs11proxyd_var_run_t, pkcs_slotd_exec_t, pkcs_slotd_initrc_exec_t, pkcs_slotd_log_t, pkcs_slotd_tmp_t, pkcs_slotd_unit_file_t, pkcs_slotd_var_run_t, pki_log_t, pki_ra_exec_t, pki_ra_log_t, pki_ra_script_exec_t, pki_ra_var_run_t, pki_tomcat_exec_t, pki_tomcat_log_t, pki_tomcat_tmp_t, pki_tomcat_unit_file_t, pki_tomcat_var_run_t, pki_tps_exec_t, pki_tps_log_t, pki_tps_script_exec_t, pki_tps_var_run_t, plymouth_exec_t, plymouthd_exec_t, plymouthd_var_log_t, plymouthd_var_run_t, podsleuth_exec_t, podsleuth_tmp_t, podsleuth_tmpfs_t, policykit_auth_exec_t, policykit_exec_t, policykit_grant_exec_t, policykit_resolve_exec_t, policykit_tmp_t, policykit_var_run_t, polipo_exec_t, polipo_initrc_exec_t, polipo_log_t, polipo_pid_t, polipo_unit_file_t, portmap_exec_t, portmap_helper_exec_t, portmap_initrc_exec_t, portmap_tmp_t, portmap_var_run_t, portreserve_exec_t, portreserve_initrc_exec_t, portreserve_var_run_t, postfix_bounce_exec_t, postfix_bounce_tmp_t, postfix_cleanup_exec_t, postfix_cleanup_tmp_t, postfix_exec_t, postfix_initrc_exec_t, postfix_local_exec_t, postfix_local_tmp_t, postfix_map_exec_t, postfix_map_tmp_t, postfix_master_exec_t, postfix_pickup_exec_t, postfix_pickup_tmp_t, postfix_pipe_exec_t, postfix_pipe_tmp_t, postfix_postdrop_exec_t, postfix_postdrop_t, postfix_postqueue_exec_t, postfix_qmgr_exec_t, postfix_qmgr_tmp_t, postfix_showq_exec_t, postfix_smtp_exec_t, postfix_smtp_tmp_t, postfix_smtpd_exec_t, postfix_smtpd_tmp_t, postfix_var_run_t, postfix_virtual_exec_t, postfix_virtual_tmp_t, postgresql_exec_t, postgresql_initrc_exec_t, postgresql_log_t, postgresql_tmp_t, postgresql_unit_file_t, postgresql_var_run_t, postgrey_exec_t, postgrey_initrc_exec_t, postgrey_var_run_t, power_unit_file_t, pppd_exec_t, pppd_initrc_exec_t, pppd_log_t, pppd_tmp_t, pppd_unit_file_t, pppd_var_run_t, pptp_exec_t, pptp_log_t, pptp_var_run_t, prelink_cron_system_exec_t, prelink_exec_t, prelink_log_t, prelink_tmp_t, prelude_audisp_exec_t, prelude_audisp_var_run_t, prelude_correlator_exec_t, prelude_exec_t, prelude_initrc_exec_t, prelude_lml_exec_t, prelude_lml_tmp_t, prelude_lml_var_run_t, prelude_log_t, prelude_var_run_t, preupgrade_exec_t, prewikka_script_exec_t, privoxy_exec_t, privoxy_initrc_exec_t, privoxy_log_t, privoxy_var_run_t, proc_t, procmail_exec_t, procmail_log_t, procmail_tmp_t, prosody_exec_t, prosody_log_t, prosody_tmp_t, prosody_unit_file_t, prosody_var_run_t, psad_exec_t, psad_initrc_exec_t, psad_tmp_t, psad_var_log_t, psad_var_run_t, ptal_exec_t, ptal_var_run_t, ptchown_exec_t, ptp4l_exec_t, ptp4l_unit_file_t, publicfile_exec_t, pulseaudio_exec_t, pulseaudio_tmpfs_t, pulseaudio_var_run_t, puppet_log_t, puppet_tmp_t, puppet_var_run_t, puppetagent_exec_t, puppetagent_initrc_exec_t, puppetca_exec_t, puppetmaster_exec_t, puppetmaster_initrc_exec_t, puppetmaster_tmp_t, pwauth_exec_t, pwauth_var_run_t, pyicqt_exec_t, pyicqt_log_t, pyicqt_var_run_t, qdiskd_exec_t, qdiskd_var_log_t, qdiskd_var_run_t, qemu_dm_exec_t, qemu_exec_t, qemu_var_run_t, qmail_clean_exec_t, qmail_inject_exec_t, qmail_local_exec_t, qmail_lspawn_exec_t, qmail_queue_exec_t, qmail_remote_exec_t, qmail_rspawn_exec_t, qmail_send_exec_t, qmail_smtpd_exec_t, qmail_splogger_exec_t, qmail_start_exec_t, qmail_tcp_env_exec_t, qpidd_exec_t, qpidd_initrc_exec_t, qpidd_tmp_t, qpidd_var_run_t, quota_exec_t, quota_nld_exec_t, quota_nld_var_run_t, rabbitmq_exec_t, rabbitmq_initrc_exec_t, rabbitmq_tmp_t, rabbitmq_unit_file_t, rabbitmq_var_log_t, rabbitmq_var_run_t, racoon_exec_t, racoon_tmp_t, radiusd_exec_t, radiusd_initrc_exec_t, radiusd_log_t, radiusd_unit_file_t, radiusd_var_run_t, radvd_exec_t, radvd_initrc_exec_t, radvd_var_run_t, rasdaemon_exec_t, rasdaemon_unit_file_t, rdisc_exec_t, rdisc_unit_file_t, readahead_exec_t, readahead_var_run_t, realmd_exec_t, realmd_tmp_t, redis_exec_t, redis_initrc_exec_t, redis_log_t, redis_tmp_t, redis_unit_file_t, redis_var_run_t, regex_milter_data_t, regex_milter_exec_t, restorecond_exec_t, restorecond_var_run_t, rhev_agentd_exec_t, rhev_agentd_log_t, rhev_agentd_tmp_t, rhev_agentd_unit_file_t, rhev_agentd_var_run_t, rhgb_exec_t, rhnsd_exec_t, rhnsd_initrc_exec_t, rhnsd_unit_file_t, rhnsd_var_run_t, rhsmcertd_exec_t, rhsmcertd_initrc_exec_t, rhsmcertd_log_t, rhsmcertd_tmp_t, rhsmcertd_var_run_t, ricci_exec_t, ricci_initrc_exec_t, ricci_modcluster_exec_t, ricci_modcluster_var_log_t, ricci_modcluster_var_run_t, ricci_modclusterd_exec_t, ricci_modlog_exec_t, ricci_modrpm_exec_t, ricci_modservice_exec_t, ricci_modstorage_exec_t, ricci_tmp_t, ricci_var_log_t, ricci_var_run_t, rkhunter_var_lib_t, rkt_exec_t, rkt_unit_file_t, rlogind_exec_t, rlogind_tmp_t, rlogind_var_run_t, rngd_exec_t, rngd_initrc_exec_t, rngd_unit_file_t, rngd_var_run_t, rolekit_exec_t, rolekit_tmp_t, rolekit_unit_file_t, roundup_exec_t, roundup_initrc_exec_t, roundup_var_run_t, rpcbind_exec_t, rpcbind_initrc_exec_t, rpcbind_tmp_t, rpcbind_unit_file_t, rpcbind_var_run_t, rpcd_exec_t, rpcd_initrc_exec_t, rpcd_unit_file_t, rpcd_var_run_t, rpm_exec_t, rpm_log_t, rpm_script_exec_t, rpm_script_tmp_t, rpm_tmp_t, rpm_var_cache_t, rpm_var_run_t, rpmdb_exec_t, rpmdb_tmp_t, rrdcached_exec_t, rrdcached_tmp_t, rrdcached_var_run_t, rshd_exec_t, rssh_chroot_helper_exec_t, rssh_exec_t, rsync_exec_t, rsync_log_t, rsync_tmp_t, rsync_var_run_t, rtas_errd_exec_t, rtas_errd_log_t, rtas_errd_tmp_t, rtas_errd_unit_file_t, rtas_errd_var_run_t, rtkit_daemon_exec_t, rtkit_daemon_initrc_exec_t, run_init_exec_t, rwho_exec_t, rwho_initrc_exec_t, samba_etc_t, samba_initrc_exec_t, samba_log_t, samba_net_exec_t, samba_net_tmp_t, samba_unconfined_script_exec_t, samba_unit_file_t, samba_var_t, sambagui_exec_t, sandbox_exec_t, sanlk_resetd_exec_t, sanlk_resetd_unit_file_t, sanlock_exec_t, sanlock_initrc_exec_t, sanlock_log_t, sanlock_unit_file_t, sanlock_var_run_t, saslauthd_exec_t, saslauthd_initrc_exec_t, saslauthd_var_run_t, sbd_exec_t, sbd_tmpfs_t, sbd_unit_file_t, sbd_var_run_t, sblim_gatherd_exec_t, sblim_initrc_exec_t, sblim_reposd_exec_t, sblim_sfcbd_exec_t, sblim_tmp_t, sblim_var_run_t, screen_exec_t, screen_var_run_t, secadm_sudo_tmp_t, sectool_tmp_t, sectool_var_log_t, sectoolm_exec_t, security_t, selinux_munin_plugin_exec_t, selinux_munin_plugin_tmp_t, semanage_exec_t, semanage_tmp_t, sendmail_exec_t, sendmail_initrc_exec_t, sendmail_log_t, sendmail_tmp_t, sendmail_var_run_t, sensord_exec_t, sensord_initrc_exec_t, sensord_log_t, sensord_unit_file_t, sensord_var_run_t, services_munin_plugin_exec_t, services_munin_plugin_tmp_t, session_dbusd_tmp_t, setfiles_exec_t, setkey_exec_t, setrans_exec_t, setrans_initrc_exec_t, setrans_var_run_t, setroubleshoot_fixit_exec_t, setroubleshoot_fixit_tmp_t, setroubleshoot_tmp_t, setroubleshoot_var_log_t, setroubleshoot_var_run_t, setroubleshootd_exec_t, setsebool_exec_t, seunshare_exec_t, sge_execd_exec_t, sge_job_exec_t, sge_shepherd_exec_t, sge_tmp_t, shell_exec_t, shorewall_exec_t, shorewall_initrc_exec_t, shorewall_log_t, shorewall_tmp_t, shorewall_var_lib_t, showmount_exec_t, slapd_exec_t, slapd_initrc_exec_t, slapd_log_t, slapd_tmp_t, slapd_unit_file_t, slapd_var_run_t, slpd_exec_t, slpd_initrc_exec_t, slpd_log_t, slpd_var_run_t, smbcontrol_exec_t, smbd_exec_t, smbd_tmp_t, smbd_var_run_t, smbmount_exec_t, smokeping_cgi_script_exec_t, smokeping_exec_t, smokeping_initrc_exec_t, smokeping_var_run_t, smoltclient_exec_t, smoltclient_tmp_t, smsd_exec_t, smsd_initrc_exec_t, smsd_log_t, smsd_tmp_t, smsd_var_run_t, snapperd_exec_t, snapperd_log_t, snappy_cli_exec_t, snappy_confine_exec_t, snappy_exec_t, snappy_mount_exec_t, snappy_snap_t, snappy_tmp_t, snappy_unit_file_t, snappy_var_run_t, snmpd_exec_t, snmpd_initrc_exec_t, snmpd_log_t, snmpd_var_run_t, snort_exec_t, snort_initrc_exec_t, snort_log_t, snort_tmp_t, snort_var_run_t, sosreport_exec_t, sosreport_tmp_t, sosreport_var_run_t, soundd_exec_t, soundd_initrc_exec_t, soundd_tmp_t, soundd_var_run_t, spamass_milter_data_t, spamass_milter_exec_t, spamc_exec_t, spamc_tmp_t, spamd_exec_t, spamd_initrc_exec_t, spamd_log_t, spamd_tmp_t, spamd_update_exec_t, spamd_var_run_t, spc_var_run_t, speech_dispatcher_exec_t, speech_dispatcher_log_t, speech_dispatcher_tmp_t, speech_dispatcher_unit_file_t, squid_conf_t, squid_cron_exec_t, squid_exec_t, squid_initrc_exec_t, squid_log_t, squid_script_exec_t, squid_tmp_t, squid_var_run_t, squirrelmail_spool_t, src_t, srvsvcd_exec_t, srvsvcd_var_run_t, ssh_agent_exec_t, ssh_agent_tmp_t, ssh_exec_t, ssh_keygen_exec_t, ssh_keygen_tmp_t, ssh_keysign_exec_t, ssh_tmpfs_t, sshd_exec_t, sshd_initrc_exec_t, sshd_keygen_exec_t, sshd_keygen_unit_file_t, sshd_unit_file_t, sshd_var_run_t, sslh_exec_t, sslh_initrc_exec_t, sslh_unit_file_t, sslh_var_run_t, sssd_exec_t, sssd_initrc_exec_t, sssd_public_t, sssd_selinux_manager_exec_t, sssd_unit_file_t, sssd_var_lib_t, sssd_var_log_t, sssd_var_run_t, staff_sudo_tmp_t, stapserver_exec_t, stapserver_log_t, stapserver_tmp_t, stapserver_tmpfs_t, stapserver_var_run_t, stratisd_exec_t, stratisd_var_run_t, stunnel_exec_t, stunnel_log_t, stunnel_tmp_t, stunnel_var_run_t, su_exec_t, sudo_exec_t, sudo_log_t, sulogin_exec_t, svc_multilog_exec_t, svc_run_exec_t, svc_start_exec_t, svirt_tmp_t, svnserve_exec_t, svnserve_initrc_exec_t, svnserve_log_t, svnserve_tmp_t, svnserve_unit_file_t, svnserve_var_run_t, swat_exec_t, swat_tmp_t, swat_var_run_t, swift_exec_t, swift_tmp_t, swift_unit_file_t, swift_var_run_t, sysadm_passwd_tmp_t, sysadm_sudo_tmp_t, sysfs_t, syslogd_exec_t, syslogd_initrc_exec_t, syslogd_tmp_t, syslogd_unit_file_t, syslogd_var_run_t, sysstat_exec_t, sysstat_initrc_exec_t, sysstat_log_t, system_conf_t, system_cronjob_tmp_t, system_cronjob_var_run_t, system_db_t, system_dbusd_tmp_t, system_dbusd_var_lib_t, system_dbusd_var_run_t, system_mail_tmp_t, system_munin_plugin_exec_t, system_munin_plugin_tmp_t, systemd_bootchart_exec_t, systemd_bootchart_unit_file_t, systemd_bootchart_var_run_t, systemd_coredump_exec_t, systemd_gpt_generator_exec_t, systemd_gpt_generator_unit_file_t, systemd_hostnamed_exec_t, systemd_hwdb_exec_t, systemd_hwdb_unit_file_t, systemd_importd_exec_t, systemd_importd_tmp_t, systemd_importd_var_run_t, systemd_initctl_exec_t, systemd_journal_upload_exec_t, systemd_localed_exec_t, systemd_logger_exec_t, systemd_logind_exec_t, systemd_logind_inhibit_var_run_t, systemd_logind_sessions_t, systemd_logind_var_run_t, systemd_machined_exec_t, systemd_machined_unit_file_t, systemd_machined_var_run_t, systemd_modules_load_exec_t, systemd_modules_load_unit_file_t, systemd_networkd_exec_t, systemd_networkd_unit_file_t, systemd_networkd_var_run_t, systemd_notify_exec_t, systemd_passwd_agent_exec_t, systemd_passwd_var_run_t, systemd_resolved_exec_t, systemd_resolved_unit_file_t, systemd_resolved_var_run_t, systemd_rfkill_exec_t, systemd_rfkill_unit_file_t, systemd_runtime_unit_file_t, systemd_sleep_exec_t, systemd_sysctl_exec_t, systemd_systemctl_exec_t, systemd_timedated_exec_t, systemd_timedated_unit_file_t, systemd_timedated_var_run_t, systemd_tmpfiles_exec_t, systemd_unit_file_t, systemd_userdbd_exec_t, systemd_userdbd_runtime_t, systemd_userdbd_unit_file_t, systemd_vconsole_unit_file_t, tangd_cache_t, tangd_exec_t, tangd_unit_file_t, targetd_exec_t, targetd_tmp_t, targetd_unit_file_t, tcpd_exec_t, tcpd_tmp_t, tcsd_exec_t, tcsd_initrc_exec_t, telepathy_gabble_exec_t, telepathy_gabble_tmp_t, telepathy_idle_exec_t, telepathy_idle_tmp_t, telepathy_logger_exec_t, telepathy_logger_tmp_t, telepathy_mission_control_exec_t, telepathy_mission_control_tmp_t, telepathy_msn_exec_t, telepathy_msn_tmp_t, telepathy_salut_exec_t, telepathy_salut_tmp_t, telepathy_sofiasip_exec_t, telepathy_sofiasip_tmp_t, telepathy_stream_engine_exec_t, telepathy_stream_engine_tmp_t, telepathy_sunshine_exec_t, telepathy_sunshine_tmp_t, telnetd_exec_t, telnetd_tmp_t, telnetd_var_run_t, tetex_data_t, textrel_shlib_t, tftpd_exec_t, tftpd_var_run_t, tgtd_exec_t, tgtd_initrc_exec_t, tgtd_tmp_t, tgtd_var_run_t, thin_aeolus_configserver_exec_t, thin_aeolus_configserver_log_t, thin_aeolus_configserver_var_run_t, thin_exec_t, thin_log_t, thin_var_run_t, thumb_exec_t, thumb_tmp_t, timedatex_exec_t, timemaster_exec_t, timemaster_unit_file_t, timemaster_var_run_t, tlp_exec_t, tlp_unit_file_t, tlp_var_run_t, tmp_t, tmpreaper_exec_t, tomcat_exec_t, tomcat_log_t, tomcat_tmp_t, tomcat_unit_file_t, tomcat_var_run_t, tor_exec_t, tor_initrc_exec_t, tor_unit_file_t, tor_var_log_t, tor_var_run_t, traceroute_exec_t, tuned_exec_t, tuned_initrc_exec_t, tuned_log_t, tuned_tmp_t, tuned_var_run_t, tvtime_exec_t, tvtime_tmp_t, tvtime_tmpfs_t, udev_exec_t, udev_helper_exec_t, udev_tmp_t, udev_var_run_t, ulogd_exec_t, ulogd_initrc_exec_t, ulogd_var_log_t, uml_exec_t, uml_switch_exec_t, uml_switch_var_run_t, uml_tmp_t, uml_tmpfs_t, unconfined_exec_t, unconfined_munin_plugin_exec_t, unconfined_munin_plugin_tmp_t, updfstab_exec_t, updpwd_exec_t, usbmodules_exec_t, usbmuxd_exec_t, usbmuxd_unit_file_t, usbmuxd_var_run_t, user_cron_spool_t, user_fonts_t, user_home_t, user_mail_tmp_t, user_tmp_t, useradd_exec_t, useradd_var_run_t, userhelper_exec_t, usernetctl_exec_t, usr_t, utempter_exec_t, uucpd_exec_t, uucpd_initrc_exec_t, uucpd_log_t, uucpd_tmp_t, uucpd_var_run_t, uuidd_exec_t, uuidd_initrc_exec_t, uuidd_var_run_t, uux_exec_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_spool_t, varnishd_exec_t, varnishd_initrc_exec_t, varnishd_tmp_t, varnishd_var_run_t, varnishlog_exec_t, varnishlog_initrc_exec_t, varnishlog_log_t, varnishlog_var_run_t, vdagent_exec_t, vdagent_log_t, vdagent_var_run_t, vdagentd_initrc_exec_t, vhostmd_exec_t, vhostmd_initrc_exec_t, vhostmd_var_run_t, virsh_exec_t, virt_bridgehelper_exec_t, virt_cache_t, virt_common_var_run_t, virt_log_t, virt_lxc_var_run_t, virt_qemu_ga_exec_t, virt_qemu_ga_log_t, virt_qemu_ga_tmp_t, virt_qemu_ga_unconfined_exec_t, virt_qemu_ga_var_run_t, virt_tmp_t, virt_var_lib_t, virt_var_run_t, virtd_exec_t, virtd_initrc_exec_t, virtd_lxc_exec_t, virtd_unit_file_t, virtlogd_exec_t, virtlogd_initrc_exec_t, virtlogd_unit_file_t, virtlogd_var_run_t, vlock_exec_t, vmtools_exec_t, vmtools_helper_exec_t, vmtools_tmp_t, vmtools_unconfined_exec_t, vmtools_unit_file_t, vmware_exec_t, vmware_host_exec_t, vmware_host_pid_t, vmware_host_tmp_t, vmware_log_t, vmware_pid_t, vmware_tmp_t, vmware_tmpfs_t, vnstat_exec_t, vnstatd_exec_t, vnstatd_initrc_exec_t, vnstatd_var_run_t, vpnc_exec_t, vpnc_tmp_t, vpnc_var_run_t, w3c_validator_script_exec_t, w3c_validator_tmp_t, watchdog_exec_t, watchdog_initrc_exec_t, watchdog_log_t, watchdog_unconfined_exec_t, watchdog_var_run_t, wdmd_exec_t, wdmd_initrc_exec_t, wdmd_var_run_t, webadm_tmp_t, webalizer_exec_t, webalizer_script_exec_t, webalizer_tmp_t, winbind_exec_t, winbind_helper_exec_t, winbind_log_t, winbind_var_run_t, wine_exec_t, wireshark_exec_t, wireshark_tmp_t, wireshark_tmpfs_t, wpa_cli_exec_t, wtmp_t, xauth_exec_t, xauth_tmp_t, xdm_exec_t, xdm_log_t, xdm_unconfined_exec_t, xdm_unit_file_t, xdm_var_run_t, xenconsoled_exec_t, xenconsoled_var_run_t, xend_exec_t, xend_tmp_t, xend_var_log_t, xend_var_run_t, xenstored_exec_t, xenstored_tmp_t, xenstored_var_log_t, xenstored_var_run_t, xferlog_t, xserver_exec_t, xserver_log_t, xserver_tmpfs_t, xserver_var_run_t, xsession_exec_t, ypbind_exec_t, ypbind_initrc_exec_t, ypbind_tmp_t, ypbind_unit_file_t, ypbind_var_run_t, yppasswdd_exec_t, yppasswdd_var_run_t, ypserv_exec_t, ypserv_tmp_t, ypserv_var_run_t, ypxfr_exec_t, ypxfr_var_run_t, zabbix_agent_exec_t, zabbix_agent_initrc_exec_t, zabbix_exec_t, zabbix_initrc_exec_t, zabbix_log_t, zabbix_script_exec_t, zabbix_tmp_t, zabbix_var_run_t, zarafa_deliver_exec_t, zarafa_deliver_log_t, zarafa_deliver_tmp_t, zarafa_deliver_var_run_t, zarafa_gateway_exec_t, zarafa_gateway_log_t, zarafa_gateway_var_run_t, zarafa_ical_exec_t, zarafa_ical_log_t, zarafa_ical_var_run_t, zarafa_indexer_exec_t, zarafa_indexer_log_t, zarafa_indexer_tmp_t, zarafa_indexer_var_run_t, zarafa_monitor_exec_t, zarafa_monitor_log_t, zarafa_monitor_var_run_t, zarafa_server_exec_t, zarafa_server_log_t, zarafa_server_tmp_t, zarafa_server_var_run_t, zarafa_spooler_exec_t, zarafa_spooler_log_t, zarafa_spooler_var_run_t, zarafa_var_lib_t, zebra_exec_t, zebra_initrc_exec_t, zebra_log_t, zebra_tmp_t, zebra_unit_file_t, zebra_var_run_t, zoneminder_exec_t, zoneminder_initrc_exec_t, zoneminder_log_t, zoneminder_script_exec_t, zoneminder_unit_file_t, zoneminder_var_run_t, zos_remote_exec_t. Then execute: restorecon -v '/var/cache/akmods/akmods.log' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that logrotate should be allowed getattr access on the akmods.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'logrotate' --raw | audit2allow -M my-logrotate # semodule -X 300 -i my-logrotate.pp Additional Information: Source Context system_u:system_r:logrotate_t:s0 Target Context unconfined_u:object_r:var_t:s0 Target Objects /var/cache/akmods/akmods.log [ file ] Source logrotate Source Path logrotate Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.22-1.fc34.noarch Local Policy RPM selinux-policy-targeted-34.22-1.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.14.14-200.fc34.x86_64 #1 SMP Wed Oct 20 16:15:12 UTC 2021 x86_64 x86_64 Alert Count 2 First Seen 2021-11-07 00:00:57 CET Last Seen 2021-11-07 00:00:57 CET Local ID e7320ce9-b89b-424a-9f23-44c93ccb30bc Raw Audit Messages type=AVC msg=audit(1636239657.703:597): avc: denied { getattr } for pid=28201 comm="logrotate" path="/var/cache/akmods/akmods.log" dev="dm-1" ino=4587953 scontext=system_u:system_r:logrotate_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0 Hash: logrotate,logrotate_t,var_t,file,getattr Version-Release number of selected component: selinux-policy-targeted-34.22-1.fc34.noarch Additional info: component: selinux-policy reporter: libreport-2.15.2 hashmarkername: setroubleshoot kernel: 5.14.14-200.fc34.x86_64 type: libreport Potential duplicate: bug 1174825
Hello, As discussed in bug #1454824 comment #103 [1], here is a first attempt for a fix for this issue. It is available here: https://src.fedoraproject.org/fork/nvieville/rpms/akmods/tree/fix_selinux_for_logrotate_rhbz-2020889 Cordially, -- NVieville [1] https://bugzilla.redhat.com/show_bug.cgi?id=1454824#c103
I took a brief at the PR, the allow rules should not be necessary, just labeling the cache dir which can as well be done in selinux-policy. I just need to know: Apart from logrotate, does any service need access to /var/cache/akmods/*? What is the content of the directory?
Hello, (In reply to Zdenek Pytela from comment #2) > I took a brief at the PR, the allow rules should not be necessary, just > labeling the cache dir which can as well be done in selinux-policy. > I just need to know: Apart from logrotate, does any service need access to > /var/cache/akmods/*? The problem encountered with logrotate has been addressed in commit b99e99c of akmods sources (https://src.fedoraproject.org/rpms/akmods/c/b99e99c285f128aac08c5896e8e5920a7d5bddcb?branch=rawhide). Global logs were moved to /var/log directory, where logrotate can do its job. logrotate access to /var/cache/akmods directory is no longer needed in the new version of akmods. This version will be available in f36. Maybe, the new version should be pushed to f35 as well. This has to be discussed with the co-maintainers of this package. > What is the content of the directory? The /var/cache/akmods contains last built rpm packages for akmods modules and their respective build logs (not the global log file now located in /var/log). These rpm packages and logs, located in /var/cache/akmods directory are self-cleaned by akmods itself and don't rely on logrotate jobs. Thank you for your question. I hope I answered it. Any comment are welcome. Cordially, -- NVieville
Thank you for the progress report and the additional information. As I understand it now, logs are in /var/log/akmods so no further action is needed. It would be necessary to create a private type in selinux-policy, e. g. akmods_log_t, if there is some other service requiring access to these data. If it's not the case, we can close this bz.
This message is a reminder that Fedora Linux 34 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 34 on 2022-06-07. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '34'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 34 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
not yet fixed
Sergio, Can you describe what is the current issue? This bz was created because logrotate was unable to access logs. Since the logs were moved to /var/log, logrotate can access them now.
ll /var/cache/akmods/ total 608 -rw-r--r-- 1 root root 228 Jul 8 15:17 akmods.log -rw-r--r--. 1 root root 414069 Nov 28 2021 akmods.log-20211201 -rw-r--r-- 1 root root 18635 Dec 24 2021 akmods.log-20220101 -rw-r--r-- 1 root root 8476 Jan 31 00:13 akmods.log-20220201 -rw-r--r-- 1 root root 6956 Feb 23 19:50 akmods.log-20220301 -rw-r--r-- 1 root root 4531 Mar 29 17:39 akmods.log-20220401 -rw-r--r-- 1 root root 20852 Apr 29 20:05 akmods.log-20220501 -rw-r--r-- 1 root root 2492 May 23 23:07 akmods.log-20220601 -rw-r--r-- 1 root root 17571 Jun 30 22:51 akmods.log-20220701 drwxr-xr-x. 2 root root 28672 Jul 8 15:04 nvidia drwxr-xr-x 2 root root 12288 Nov 28 2021 rtl8821ce drwxr-xr-x 2 root root 4096 Jul 8 15:04 v4l2loopback drwxr-xr-x. 2 root root 32768 Jul 8 15:04 VirtualBox after observe the above, I don't think "the logs were moved to /var/log" , but I will study a way to move logs to /var/log . Unfortunately I think I won't have time before October
I am not an active akmods user, but I can confirm logrotate works on /var/log/akmods: # rpm -q akmods akmods-0.5.7-8.fc36.noarch # cat /etc/logrotate.d/akmods /var/log/akmods/akmods.log { monthly rotate 12 missingok notifempty create 644 root root su root akmods } Perhaps you have previous setting kept? Possibly look for a .rpmnew file.
ah right [1] I'm updating my akmods on F35, so it is fixed on F36 ? [1] https://src.fedoraproject.org/rpms/akmods/c/b99e99c285f128aac08c5896e8e5920a7d5bddcb?branch=rawhide
(In reply to Sergio Basto from comment #10) > ah right [1] I'm updating my akmods on F35, so it is fixed on F36 ? Yes. As you can see it here: https://src.fedoraproject.org/rpms/akmods/commits/rawhide Issue with akmods and logrotate are fixed in rawhide and F36, but not in F35, that is still far behind (no secure boot feature etc. ). Maybe it would be worth to align F35 on rawhide/F36 before its EOL. Cordially, -- NVieville
I built the latest akmods in copr https://copr.fedorainfracloud.org/coprs/sergiomb/vboxfor23/package/akmods/ and use it on F35 and epel 7 and 8 Closing with fixed in version akmods-0.5.7-8.fc36 I will do some tests and after if the tests were successfully I will build update epel 9 which doesn't have these last two commits ...