Bug 2020889 - SELinux is preventing logrotate from 'getattr' accesses on the file /var/cache/akmods/akmods.log.
Summary: SELinux is preventing logrotate from 'getattr' accesses on the file /var/cach...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:620c5823a5c5a2bfb9aebacf5c9...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-11-06 23:03 UTC by Andrei Nevedomskii
Modified: 2022-07-09 03:27 UTC (History)
10 users (show)

Fixed In Version: akmods-0.5.7-8.fc36
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-07-09 03:27:26 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1149350 1 None None None 2021-12-04 00:33:10 UTC

Description Andrei Nevedomskii 2021-11-06 23:03:05 UTC 
Description of problem:
logrotate should have access to rotate akmods logs
SELinux is preventing logrotate from 'getattr' accesses on the file /var/cache/akmods/akmods.log.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow logrotate to have getattr access on the akmods.log file
Then you need to change the label on /var/cache/akmods/akmods.log
Do
# semanage fcontext -a -t FILE_TYPE '/var/cache/akmods/akmods.log'
where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_initrc_exec_t, NetworkManager_log_t, NetworkManager_tmp_t, NetworkManager_unit_file_t, NetworkManager_var_run_t, abrt_dump_oops_exec_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_initrc_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_unit_file_t, abrt_upload_watch_exec_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_log_t, abrt_var_run_t, abrt_watch_log_exec_t, accountsd_exec_t, accountsd_unit_file_t, acct_data_t, acct_exec_t, acct_initrc_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, afs_bosserver_exec_t, afs_exec_t, afs_fsserver_exec_t, afs_initrc_exec_t, afs_kaserver_exec_t, afs_logfile_t, afs_ptserver_exec_t, afs_vlserver_exec_t, aiccu_exec_t, aiccu_initrc_exec_t, aiccu_var_run_t, aide_exec_t, aide_log_t, ajaxterm_exec_t, ajaxterm_initrc_exec_t, ajaxterm_var_run_t, alsa_exec_t, alsa_tmp_t, alsa_unit_file_t, alsa_var_run_t, amanda_exec_t, amanda_inetd_exec_t, amanda_log_t, amanda_recover_exec_t, amanda_tmp_t, amanda_unit_file_t, amtu_exec_t, amtu_initrc_exec_t, anaconda_exec_t, anacron_exec_t, antivirus_exec_t, antivirus_initrc_exec_t, antivirus_log_t, antivirus_tmp_t, antivirus_unit_file_t, antivirus_var_run_t, apcupsd_cgi_script_exec_t, apcupsd_exec_t, apcupsd_initrc_exec_t, apcupsd_log_t, apcupsd_tmp_t, apcupsd_unit_file_t, apcupsd_var_run_t, apm_exec_t, apmd_exec_t, apmd_initrc_exec_t, apmd_log_t, apmd_tmp_t, apmd_unit_file_t, apmd_var_run_t, arpwatch_exec_t, arpwatch_initrc_exec_t, arpwatch_tmp_t, arpwatch_unit_file_t, arpwatch_var_run_t, asterisk_exec_t, asterisk_initrc_exec_t, asterisk_log_t, asterisk_tmp_t, asterisk_var_run_t, audisp_exec_t, audisp_remote_exec_t, audisp_var_run_t, auditadm_sudo_tmp_t, auditctl_exec_t, auditd_exec_t, auditd_initrc_exec_t, auditd_log_t, auditd_tmp_t, auditd_unit_file_t, auditd_var_run_t, auth_cache_t, authconfig_exec_t, automount_exec_t, automount_initrc_exec_t, automount_tmp_t, automount_unit_file_t, automount_var_run_t, avahi_exec_t, avahi_initrc_exec_t, avahi_unit_file_t, avahi_var_run_t, awstats_exec_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_exec_t, bacula_initrc_exec_t, bacula_log_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bacula_var_run_t, bcfg2_exec_t, bcfg2_initrc_exec_t, bcfg2_unit_file_t, bcfg2_var_run_t, bin_t, bitlbee_exec_t, bitlbee_initrc_exec_t, bitlbee_log_t, bitlbee_tmp_t, bitlbee_var_run_t, blkmapd_exec_t, blkmapd_initrc_exec_t, blkmapd_var_run_t, blktap_exec_t, blktap_var_run_t, blueman_exec_t, blueman_tmp_t, blueman_var_run_t, bluetooth_exec_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_initrc_exec_t, bluetooth_tmp_t, bluetooth_unit_file_t, bluetooth_var_run_t, boinc_exec_t, boinc_initrc_exec_t, boinc_log_t, boinc_project_tmp_t, boinc_tmp_t, boinc_unit_file_t, boltd_exec_t, boltd_var_run_t, boot_t, bootloader_exec_t, bootloader_tmp_t, bootloader_var_run_t, brctl_exec_t, brltty_exec_t, brltty_log_t, brltty_unit_file_t, brltty_var_run_t, bugzilla_script_exec_t, bugzilla_tmp_t, bumblebee_exec_t, bumblebee_unit_file_t, bumblebee_var_run_t, cachefilesd_exec_t, cachefilesd_var_run_t, calamaris_exec_t, calamaris_log_t, callweaver_exec_t, callweaver_initrc_exec_t, callweaver_log_t, callweaver_var_run_t, canna_exec_t, canna_initrc_exec_t, canna_log_t, canna_var_run_t, cardctl_exec_t, cardmgr_dev_t, cardmgr_exec_t, cardmgr_var_run_t, ccs_exec_t, ccs_initrc_exec_t, ccs_tmp_t, ccs_var_lib_t, ccs_var_log_t, ccs_var_run_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmaster_exec_t, certmaster_initrc_exec_t, certmaster_var_log_t, certmaster_var_run_t, certmonger_exec_t, certmonger_initrc_exec_t, certmonger_tmp_t, certmonger_unconfined_exec_t, certmonger_unit_file_t, certmonger_var_run_t, certwatch_exec_t, cfengine_execd_exec_t, cfengine_initrc_exec_t, cfengine_log_t, cfengine_monitord_exec_t, cfengine_serverd_exec_t, cgclear_exec_t, cgconfig_exec_t, cgconfig_initrc_exec_t, cgred_exec_t, cgred_initrc_exec_t, cgred_log_t, cgred_var_run_t, cgroup_t, checkpc_exec_t, checkpc_log_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_exec_t, chronyd_initrc_exec_t, chronyd_keys_t, chronyd_tmp_t, chronyd_unit_file_t, chronyd_var_log_t, chronyd_var_run_t, chroot_exec_t, cifs_t, cinder_api_exec_t, cinder_api_tmp_t, cinder_api_unit_file_t, cinder_backup_exec_t, cinder_backup_tmp_t, cinder_backup_unit_file_t, cinder_log_t, cinder_scheduler_exec_t, cinder_scheduler_tmp_t, cinder_scheduler_unit_file_t, cinder_var_run_t, cinder_volume_exec_t, cinder_volume_tmp_t, cinder_volume_unit_file_t, ciped_exec_t, ciped_initrc_exec_t, clogd_exec_t, clogd_var_run_t, cloud_init_exec_t, cloud_init_tmp_t, cloud_init_unit_file_t, cloud_log_t, cluster_conf_t, cluster_exec_t, cluster_initrc_exec_t, cluster_tmp_t, cluster_unit_file_t, cluster_var_lib_t, cluster_var_log_t, cluster_var_run_t, clvmd_exec_t, clvmd_initrc_exec_t, clvmd_var_run_t, cmirrord_exec_t, cmirrord_initrc_exec_t, cmirrord_var_run_t, cobbler_tmp_t, cobbler_var_log_t, cobblerd_exec_t, cobblerd_initrc_exec_t, cockpit_session_exec_t, cockpit_tmp_t, cockpit_tmpfs_t, cockpit_unit_file_t, cockpit_var_run_t, cockpit_ws_exec_t, collectd_exec_t, collectd_initrc_exec_t, collectd_log_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, collectd_unit_file_t, collectd_var_run_t, colord_exec_t, colord_tmp_t, colord_unit_file_t, comsat_exec_t, comsat_tmp_t, comsat_var_run_t, condor_collector_exec_t, condor_initrc_exec_t, condor_log_t, condor_master_exec_t, condor_master_tmp_t, condor_negotiator_exec_t, condor_procd_exec_t, condor_schedd_exec_t, condor_schedd_tmp_t, condor_startd_exec_t, condor_startd_tmp_t, condor_unit_file_t, condor_var_run_t, conman_exec_t, conman_log_t, conman_tmp_t, conman_unconfined_script_exec_t, conman_unit_file_t, conman_var_run_t, conntrackd_exec_t, conntrackd_initrc_exec_t, conntrackd_log_t, conntrackd_unit_file_t, conntrackd_var_run_t, consolehelper_exec_t, consolekit_exec_t, consolekit_log_t, consolekit_unit_file_t, consolekit_var_run_t, container_auth_exec_t, container_file_t, container_kvm_var_run_t, container_log_t, container_plugin_var_run_t, container_runtime_exec_t, container_runtime_tmp_t, container_unit_file_t, container_var_run_t, couchdb_exec_t, couchdb_initrc_exec_t, couchdb_log_t, couchdb_tmp_t, couchdb_unit_file_t, couchdb_var_run_t, courier_authdaemon_exec_t, courier_exec_t, courier_pcp_exec_t, courier_pop_exec_t, courier_sqwebmail_exec_t, courier_tcpd_exec_t, courier_var_run_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuplug_exec_t, cpuplug_initrc_exec_t, cpuplug_var_run_t, cpuspeed_exec_t, cpuspeed_var_run_t, crack_exec_t, crack_tmp_t, cron_log_t, cron_var_run_t, crond_exec_t, crond_initrc_exec_t, crond_tmp_t, crond_unit_file_t, crond_var_run_t, crontab_exec_t, crontab_tmp_t, ctdbd_exec_t, ctdbd_initrc_exec_t, ctdbd_log_t, ctdbd_tmp_t, ctdbd_var_run_t, cups_pdf_exec_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_config_var_run_t, cupsd_exec_t, cupsd_initrc_exec_t, cupsd_log_t, cupsd_lpd_exec_t, cupsd_lpd_tmp_t, cupsd_lpd_var_run_t, cupsd_tmp_t, cupsd_unit_file_t, cupsd_var_run_t, cvs_exec_t, cvs_initrc_exec_t, cvs_script_exec_t, cvs_tmp_t, cvs_var_run_t, cyphesis_exec_t, cyphesis_initrc_exec_t, cyphesis_log_t, cyphesis_tmp_t, cyphesis_var_run_t, cyrus_exec_t, cyrus_initrc_exec_t, cyrus_tmp_t, cyrus_var_run_t, dbadm_sudo_tmp_t, dbskkd_exec_t, dbskkd_tmp_t, dbskkd_var_run_t, dbusd_etc_t, dbusd_exec_t, dbusd_unit_file_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dcc_var_run_t, dccd_exec_t, dccd_tmp_t, dccd_var_run_t, dccifd_exec_t, dccifd_tmp_t, dccifd_var_run_t, dccm_exec_t, dccm_tmp_t, dccm_var_run_t, dcerpcd_exec_t, dcerpcd_var_run_t, ddclient_exec_t, ddclient_initrc_exec_t, ddclient_log_t, ddclient_tmp_t, ddclient_var_run_t, debuginfo_exec_t, deltacloudd_exec_t, deltacloudd_log_t, deltacloudd_tmp_t, deltacloudd_var_run_t, denyhosts_exec_t, denyhosts_initrc_exec_t, denyhosts_var_log_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, devicekit_var_log_t, devicekit_var_run_t, dhcpc_exec_t, dhcpc_helper_exec_t, dhcpc_tmp_t, dhcpc_var_run_t, dhcpd_exec_t, dhcpd_initrc_exec_t, dhcpd_tmp_t, dhcpd_unit_file_t, dhcpd_var_run_t, dictd_exec_t, dictd_initrc_exec_t, dictd_var_run_t, dirsrv_exec_t, dirsrv_snmp_exec_t, dirsrv_snmp_var_log_t, dirsrv_snmp_var_run_t, dirsrv_tmp_t, dirsrv_unit_file_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_exec_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, dirsrvadmin_unit_file_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_data_t, dkim_milter_exec_t, dkim_milter_tmp_t, dlm_controld_exec_t, dlm_controld_initrc_exec_t, dlm_controld_var_log_t, dlm_controld_var_run_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_exec_t, dnsmasq_initrc_exec_t, dnsmasq_tmp_t, dnsmasq_unit_file_t, dnsmasq_var_log_t, dnsmasq_var_run_t, dnssec_trigger_exec_t, dnssec_trigger_tmp_t, dnssec_trigger_unit_file_t, dnssec_trigger_var_run_t, dovecot_auth_exec_t, dovecot_auth_tmp_t, dovecot_deliver_exec_t, dovecot_deliver_tmp_t, dovecot_exec_t, dovecot_initrc_exec_t, dovecot_tmp_t, dovecot_var_log_t, dovecot_var_run_t, drbd_exec_t, drbd_initrc_exec_t, drbd_tmp_t, drbd_var_run_t, dspam_exec_t, dspam_initrc_exec_t, dspam_log_t, dspam_script_exec_t, dspam_var_run_t, efivarfs_t, entropyd_exec_t, entropyd_initrc_exec_t, entropyd_var_run_t, etc_runtime_t, etc_t, eventlogd_exec_t, eventlogd_var_run_t, evtchnd_exec_t, evtchnd_var_log_t, evtchnd_var_run_t, exim_exec_t, exim_initrc_exec_t, exim_log_t, exim_tmp_t, exim_var_run_t, fail2ban_client_exec_t, fail2ban_exec_t, fail2ban_initrc_exec_t, fail2ban_log_t, fail2ban_tmp_t, fail2ban_var_lib_t, fail2ban_var_run_t, faillog_t, fcoemon_exec_t, fcoemon_initrc_exec_t, fcoemon_var_run_t, fenced_exec_t, fenced_tmp_t, fenced_var_log_t, fenced_var_run_t, fetchmail_exec_t, fetchmail_initrc_exec_t, fetchmail_log_t, fetchmail_var_run_t, file_context_t, fingerd_exec_t, fingerd_log_t, fingerd_var_run_t, firewalld_exec_t, firewalld_initrc_exec_t, firewalld_tmp_t, firewalld_unit_file_t, firewalld_var_log_t, firewalld_var_run_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, flatpak_helper_exec_t, foghorn_exec_t, foghorn_initrc_exec_t, foghorn_var_log_t, foghorn_var_run_t, fonts_cache_t, fonts_t, fprintd_exec_t, fprintd_tmp_t, freeipmi_bmc_watchdog_exec_t, freeipmi_bmc_watchdog_unit_file_t, freeipmi_bmc_watchdog_var_run_t, freeipmi_ipmidetectd_exec_t, freeipmi_ipmidetectd_unit_file_t, freeipmi_ipmidetectd_var_run_t, freeipmi_ipmiseld_exec_t, freeipmi_ipmiseld_unit_file_t, freeipmi_ipmiseld_var_run_t, freqset_exec_t, fsadm_exec_t, fsadm_log_t, fsadm_tmp_t, fsadm_var_run_t, fsdaemon_exec_t, fsdaemon_initrc_exec_t, fsdaemon_tmp_t, fsdaemon_var_run_t, ftpd_exec_t, ftpd_initrc_exec_t, ftpd_tmp_t, ftpd_unit_file_t, ftpd_var_run_t, ftpdctl_exec_t, ftpdctl_tmp_t, fusermount_exec_t, fwupd_exec_t, fwupd_unit_file_t, games_exec_t, games_srv_var_run_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, gdomap_exec_t, gdomap_initrc_exec_t, gdomap_var_run_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_log_t, getty_tmp_t, getty_unit_file_t, getty_var_run_t, gfs_controld_exec_t, gfs_controld_var_log_t, gfs_controld_var_run_t, git_script_exec_t, git_script_tmp_t, gitd_exec_t, gitosis_exec_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_api_exec_t, glance_api_initrc_exec_t, glance_api_unit_file_t, glance_log_t, glance_registry_exec_t, glance_registry_initrc_exec_t, glance_registry_tmp_t, glance_registry_unit_file_t, glance_scrubber_exec_t, glance_scrubber_initrc_exec_t, glance_scrubber_unit_file_t, glance_tmp_t, glance_var_run_t, glusterd_exec_t, glusterd_initrc_exec_t, glusterd_log_t, glusterd_tmp_t, glusterd_var_run_t, gnome_atspi_exec_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_agent_tmpfs_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_exec_t, gpm_initrc_exec_t, gpm_tmp_t, gpm_var_run_t, gpsd_exec_t, gpsd_initrc_exec_t, gpsd_var_run_t, greylist_milter_data_t, greylist_milter_exec_t, groupadd_exec_t, groupd_exec_t, groupd_var_log_t, groupd_var_run_t, gssd_exec_t, gssd_tmp_t, gssproxy_exec_t, gssproxy_unit_file_t, gssproxy_var_run_t, haproxy_exec_t, haproxy_unit_file_t, haproxy_var_log_t, haproxy_var_run_t, hddtemp_exec_t, hddtemp_initrc_exec_t, hostapd_exec_t, hostapd_unit_file_t, hostapd_var_run_t, hostname_etc_t, hostname_exec_t, hsqldb_exec_t, hsqldb_tmp_t, hsqldb_unit_file_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_initrc_exec_t, httpd_log_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_unconfined_script_exec_t, httpd_unit_file_t, httpd_user_script_exec_t, httpd_var_run_t, hwclock_exec_t, hwdata_t, hwloc_dhwd_exec_t, hwloc_dhwd_unit_t, hwloc_var_run_t, hypervkvp_exec_t, hypervkvp_initrc_exec_t, hypervkvp_unit_file_t, hypervvssd_exec_t, hypervvssd_unit_file_t, ibacm_exec_t, ibacm_log_t, ibacm_var_run_t, ica_tmpfs_t, iceauth_exec_t, icecast_exec_t, icecast_initrc_exec_t, icecast_log_t, icecast_var_run_t, ifconfig_exec_t, ifconfig_var_run_t, inetd_child_exec_t, inetd_child_tmp_t, inetd_child_var_run_t, inetd_exec_t, inetd_log_t, inetd_tmp_t, inetd_var_run_t, init_exec_t, init_tmp_t, init_var_run_t, initrc_exec_t, initrc_tmp_t, initrc_var_log_t, initrc_var_run_t, innd_exec_t, innd_initrc_exec_t, innd_log_t, innd_unit_file_t, innd_var_run_t, install_exec_t, iodined_exec_t, iodined_initrc_exec_t, iodined_unit_file_t, iotop_exec_t, ipa_custodia_dmldap_exec_t, ipa_custodia_exec_t, ipa_custodia_log_t, ipa_custodia_pki_tomcat_exec_t, ipa_custodia_ra_agent_exec_t, ipa_custodia_tmp_t, ipa_dnskey_exec_t, ipa_dnskey_unit_file_t, ipa_helper_exec_t, ipa_log_t, ipa_ods_exporter_exec_t, ipa_ods_exporter_unit_file_t, ipa_otpd_exec_t, ipa_otpd_unit_file_t, ipa_tmp_t, ipa_var_run_t, ipmievd_exec_t, ipmievd_helper_exec_t, ipmievd_unit_file_t, ipmievd_var_run_t, ipsec_exec_t, ipsec_initrc_exec_t, ipsec_log_t, ipsec_mgmt_exec_t, ipsec_mgmt_unit_file_t, ipsec_mgmt_var_run_t, ipsec_tmp_t, ipsec_var_run_t, iptables_exec_t, iptables_initrc_exec_t, iptables_tmp_t, iptables_unit_file_t, iptables_var_lib_t, iptables_var_run_t, irc_exec_t, irqbalance_exec_t, irqbalance_initrc_exec_t, irqbalance_var_run_t, irssi_exec_t, iscsi_log_t, iscsi_tmp_t, iscsi_unit_file_t, iscsi_var_run_t, iscsid_exec_t, isnsd_exec_t, isnsd_initrc_exec_t, isnsd_var_run_t, iwhd_exec_t, iwhd_initrc_exec_t, iwhd_log_t, iwhd_var_run_t, jabberd_exec_t, jabberd_initrc_exec_t, jabberd_router_exec_t, jetty_exec_t, jetty_log_t, jetty_tmp_t, jetty_unit_file_t, jetty_var_run_t, jockey_exec_t, jockey_var_log_t, journalctl_exec_t, kadmind_exec_t, kadmind_log_t, kadmind_tmp_t, kadmind_var_run_t, kdump_exec_t, kdump_initrc_exec_t, kdump_unit_file_t, kdumpctl_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_exec_t, keepalived_tmp_t, keepalived_unconfined_script_exec_t, keepalived_unit_file_t, keepalived_var_run_t, kerberos_initrc_exec_t, keyboardd_exec_t, keystone_cgi_script_exec_t, keystone_exec_t, keystone_initrc_exec_t, keystone_log_t, keystone_tmp_t, keystone_unit_file_t, keystone_var_run_t, kismet_exec_t, kismet_initrc_exec_t, kismet_log_t, kismet_tmp_t, kismet_tmpfs_t, kismet_var_run_t, klogd_exec_t, klogd_tmp_t, klogd_var_run_t, kmod_exec_t, kmod_tmp_t, kmod_var_run_t, kmscon_exec_t, kmscon_unit_file_t, kpatch_exec_t, kpropd_exec_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_exec_t, krb5kdc_log_t, krb5kdc_tmp_t, krb5kdc_var_run_t, ksmtuned_exec_t, ksmtuned_initrc_exec_t, ksmtuned_log_t, ksmtuned_unit_file_t, ksmtuned_var_run_t, ktalkd_exec_t, ktalkd_log_t, ktalkd_tmp_t, ktalkd_unit_file_t, l2tpd_exec_t, l2tpd_initrc_exec_t, l2tpd_tmp_t, l2tpd_var_run_t, lastlog_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, likewise_initrc_exec_t, lircd_exec_t, lircd_initrc_exec_t, lircd_var_run_t, livecd_exec_t, livecd_tmp_t, lldpad_exec_t, lldpad_initrc_exec_t, lldpad_var_run_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, locate_var_run_t, lockdev_exec_t, login_exec_t, logrotate_exec_t, logrotate_lock_t, logrotate_mail_tmp_t, logrotate_tmp_t, logrotate_var_lib_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, logwatch_var_run_t, lpd_exec_t, lpd_tmp_t, lpd_var_run_t, lpr_exec_t, lpr_tmp_t, lsassd_exec_t, lsassd_tmp_t, lsassd_var_run_t, lsmd_exec_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lsmd_unit_file_t, lsmd_var_run_t, lttng_sessiond_exec_t, lttng_sessiond_unit_file_t, lttng_sessiond_var_run_t, lvm_exec_t, lvm_tmp_t, lvm_unit_file_t, lvm_var_run_t, lwiod_exec_t, lwiod_var_run_t, lwregd_exec_t, lwregd_var_run_t, lwsmd_exec_t, lwsmd_var_run_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_log_t, mailman_mail_exec_t, mailman_mail_tmp_t, mailman_queue_exec_t, mailman_queue_tmp_t, mailman_var_run_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mandb_exec_t, mcelog_exec_t, mcelog_initrc_exec_t, mcelog_log_t, mcelog_var_run_t, mdadm_exec_t, mdadm_initrc_exec_t, mdadm_log_t, mdadm_tmp_t, mdadm_unit_file_t, mdadm_var_run_t, mediawiki_script_exec_t, mediawiki_tmp_t, memcached_exec_t, memcached_initrc_exec_t, memcached_var_run_t, mencoder_exec_t, minidlna_exec_t, minidlna_initrc_exec_t, minidlna_log_t, minidlna_var_run_t, minissdpd_exec_t, minissdpd_initrc_exec_t, minissdpd_var_run_t, mip6d_exec_t, mip6d_unit_file_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, mock_var_lib_t, mock_var_run_t, modemmanager_exec_t, modemmanager_unit_file_t, mojomojo_script_exec_t, mojomojo_tmp_t, mon_procd_exec_t, mon_statd_exec_t, mon_statd_initrc_exec_t, mon_statd_var_run_t, mongod_exec_t, mongod_initrc_exec_t, mongod_log_t, mongod_tmp_t, mongod_unit_file_t, mongod_var_run_t, motion_exec_t, motion_log_t, motion_unit_file_t, motion_var_run_t, mount_ecryptfs_exec_t, mount_exec_t, mount_tmp_t, mount_var_run_t, mozilla_exec_t, mozilla_plugin_config_exec_t, mozilla_plugin_exec_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_tmp_t, mozilla_tmpfs_t, mpd_exec_t, mpd_initrc_exec_t, mpd_log_t, mpd_tmp_t, mpd_var_run_t, mplayer_exec_t, mplayer_tmpfs_t, mrtg_exec_t, mrtg_initrc_exec_t, mrtg_log_t, mrtg_var_run_t, mscan_exec_t, mscan_initrc_exec_t, mscan_tmp_t, mscan_var_run_t, munin_etc_t, munin_exec_t, munin_initrc_exec_t, munin_log_t, munin_script_exec_t, munin_script_tmp_t, munin_tmp_t, munin_var_run_t, mysqld_etc_t, mysqld_exec_t, mysqld_home_t, mysqld_initrc_exec_t, mysqld_log_t, mysqld_safe_exec_t, mysqld_tmp_t, mysqld_unit_file_t, mysqld_var_run_t, mysqlmanagerd_exec_t, mysqlmanagerd_initrc_exec_t, mysqlmanagerd_var_run_t, mythtv_script_exec_t, mythtv_var_log_t, naemon_exec_t, naemon_initrc_exec_t, naemon_log_t, naemon_var_run_t, nagios_admin_plugin_exec_t, nagios_checkdisk_plugin_exec_t, nagios_eventhandler_plugin_exec_t, nagios_eventhandler_plugin_tmp_t, nagios_exec_t, nagios_initrc_exec_t, nagios_log_t, nagios_mail_plugin_exec_t, nagios_openshift_plugin_exec_t, nagios_openshift_plugin_tmp_t, nagios_script_exec_t, nagios_services_plugin_exec_t, nagios_system_plugin_exec_t, nagios_system_plugin_tmp_t, nagios_tmp_t, nagios_unconfined_plugin_exec_t, nagios_var_run_t, named_cache_t, named_checkconf_exec_t, named_exec_t, named_initrc_exec_t, named_log_t, named_tmp_t, named_unit_file_t, named_var_run_t, namespace_init_exec_t, ncftool_exec_t, ndc_exec_t, net_conf_t, netlabel_mgmt_exec_t, netlabel_mgmt_unit_file_t, netlogond_exec_t, netlogond_var_run_t, netutils_exec_t, netutils_tmp_t, neutron_exec_t, neutron_initrc_exec_t, neutron_log_t, neutron_tmp_t, neutron_unit_file_t, neutron_var_run_t, newrole_exec_t, nfs_t, nfsd_exec_t, nfsd_initrc_exec_t, nfsd_tmp_t, nfsd_unit_file_t, ninfod_exec_t, ninfod_run_t, ninfod_unit_file_t, nis_initrc_exec_t, nis_unit_file_t, nmbd_exec_t, nmbd_var_run_t, nova_exec_t, nova_log_t, nova_tmp_t, nova_unit_file_t, nova_var_run_t, nrpe_exec_t, nrpe_var_run_t, nscd_exec_t, nscd_initrc_exec_t, nscd_log_t, nscd_unit_file_t, nscd_var_run_t, nsd_exec_t, nsd_log_t, nsd_tmp_t, nsd_var_run_t, nslcd_exec_t, nslcd_initrc_exec_t, nslcd_var_run_t, ntop_exec_t, ntop_initrc_exec_t, ntop_tmp_t, ntop_var_run_t, ntpd_exec_t, ntpd_initrc_exec_t, ntpd_log_t, ntpd_tmp_t, ntpd_unit_file_t, ntpd_var_run_t, ntpdate_exec_t, numad_exec_t, numad_unit_file_t, numad_var_log_t, numad_var_run_t, nut_unit_file_t, nut_upsd_exec_t, nut_upsd_tmp_t, nut_upsdrvctl_exec_t, nut_upsdrvctl_tmp_t, nut_upsmon_exec_t, nut_upsmon_tmp_t, nut_var_run_t, nutups_cgi_script_exec_t, nx_server_exec_t, nx_server_tmp_t, nx_server_var_run_t, obex_exec_t, oddjob_exec_t, oddjob_mkhomedir_exec_t, oddjob_unit_file_t, oddjob_var_run_t, opafm_exec_t, opafm_var_run_t, openct_exec_t, openct_initrc_exec_t, openct_var_run_t, opendnssec_exec_t, opendnssec_tmp_t, opendnssec_unit_file_t, opendnssec_var_run_t, openfortivpn_exec_t, openhpid_exec_t, openhpid_initrc_exec_t, openhpid_log_t, openhpid_var_run_t, openshift_app_tmp_t, openshift_cgroup_read_exec_t, openshift_cgroup_read_tmp_t, openshift_cron_exec_t, openshift_cron_tmp_t, openshift_initrc_exec_t, openshift_initrc_tmp_t, openshift_log_t, openshift_net_read_exec_t, openshift_script_exec_t, openshift_tmp_t, openshift_var_lib_t, openshift_var_run_t, opensm_exec_t, opensm_log_t, opensm_unit_file_t, openvpn_exec_t, openvpn_initrc_exec_t, openvpn_status_t, openvpn_tmp_t, openvpn_unconfined_script_exec_t, openvpn_var_log_t, openvpn_var_run_t, openvswitch_exec_t, openvswitch_log_t, openvswitch_tmp_t, openvswitch_unit_file_t, openvswitch_var_run_t, openwsman_exec_t, openwsman_log_t, openwsman_run_t, openwsman_tmp_t, openwsman_unit_file_t, oracleasm_exec_t, oracleasm_initrc_exec_t, oracleasm_tmp_t, osad_exec_t, osad_initrc_exec_t, osad_log_t, osad_var_run_t, pads_exec_t, pads_initrc_exec_t, pads_var_run_t, pam_console_exec_t, pam_timestamp_exec_t, pam_timestamp_tmp_t, pam_var_console_t, pam_var_run_t, passenger_exec_t, passenger_log_t, passenger_tmp_t, passenger_var_run_t, passwd_exec_t, passwd_file_t, pcp_log_t, pcp_plugin_exec_t, pcp_plugin_initrc_exec_t, pcp_pmcd_exec_t, pcp_pmcd_initrc_exec_t, pcp_pmie_exec_t, pcp_pmie_initrc_exec_t, pcp_pmlogger_exec_t, pcp_pmlogger_initrc_exec_t, pcp_pmproxy_exec_t, pcp_pmproxy_initrc_exec_t, pcp_tmp_t, pcp_var_run_t, pcscd_exec_t, pcscd_initrc_exec_t, pcscd_var_run_t, pdns_control_exec_t, pdns_exec_t, pdns_unit_file_t, pdns_var_run_t, pegasus_exec_t, pegasus_openlmi_account_exec_t, pegasus_openlmi_admin_exec_t, pegasus_openlmi_logicalfile_exec_t, pegasus_openlmi_services_exec_t, pegasus_openlmi_storage_exec_t, pegasus_openlmi_storage_tmp_t, pegasus_openlmi_storage_var_run_t, pegasus_openlmi_system_exec_t, pegasus_openlmi_unconfined_exec_t, pegasus_tmp_t, pegasus_var_run_t, pesign_exec_t, pesign_tmp_t, pesign_unit_file_t, pesign_var_run_t, phc2sys_exec_t, phc2sys_unit_file_t, pinentry_exec_t, ping_exec_t, pingd_exec_t, pingd_initrc_exec_t, piranha_fos_exec_t, piranha_fos_var_run_t, piranha_log_t, piranha_lvs_exec_t, piranha_lvs_var_run_t, piranha_pulse_exec_t, piranha_pulse_initrc_exec_t, piranha_pulse_var_run_t, piranha_web_exec_t, piranha_web_tmp_t, piranha_web_var_run_t, pkcs11_modules_conf_t, pkcs11proxyd_exec_t, pkcs11proxyd_unit_file_t, pkcs11proxyd_var_run_t, pkcs_slotd_exec_t, pkcs_slotd_initrc_exec_t, pkcs_slotd_log_t, pkcs_slotd_tmp_t, pkcs_slotd_unit_file_t, pkcs_slotd_var_run_t, pki_log_t, pki_ra_exec_t, pki_ra_log_t, pki_ra_script_exec_t, pki_ra_var_run_t, pki_tomcat_exec_t, pki_tomcat_log_t, pki_tomcat_tmp_t, pki_tomcat_unit_file_t, pki_tomcat_var_run_t, pki_tps_exec_t, pki_tps_log_t, pki_tps_script_exec_t, pki_tps_var_run_t, plymouth_exec_t, plymouthd_exec_t, plymouthd_var_log_t, plymouthd_var_run_t, podsleuth_exec_t, podsleuth_tmp_t, podsleuth_tmpfs_t, policykit_auth_exec_t, policykit_exec_t, policykit_grant_exec_t, policykit_resolve_exec_t, policykit_tmp_t, policykit_var_run_t, polipo_exec_t, polipo_initrc_exec_t, polipo_log_t, polipo_pid_t, polipo_unit_file_t, portmap_exec_t, portmap_helper_exec_t, portmap_initrc_exec_t, portmap_tmp_t, portmap_var_run_t, portreserve_exec_t, portreserve_initrc_exec_t, portreserve_var_run_t, postfix_bounce_exec_t, postfix_bounce_tmp_t, postfix_cleanup_exec_t, postfix_cleanup_tmp_t, postfix_exec_t, postfix_initrc_exec_t, postfix_local_exec_t, postfix_local_tmp_t, postfix_map_exec_t, postfix_map_tmp_t, postfix_master_exec_t, postfix_pickup_exec_t, postfix_pickup_tmp_t, postfix_pipe_exec_t, postfix_pipe_tmp_t, postfix_postdrop_exec_t, postfix_postdrop_t, postfix_postqueue_exec_t, postfix_qmgr_exec_t, postfix_qmgr_tmp_t, postfix_showq_exec_t, postfix_smtp_exec_t, postfix_smtp_tmp_t, postfix_smtpd_exec_t, postfix_smtpd_tmp_t, postfix_var_run_t, postfix_virtual_exec_t, postfix_virtual_tmp_t, postgresql_exec_t, postgresql_initrc_exec_t, postgresql_log_t, postgresql_tmp_t, postgresql_unit_file_t, postgresql_var_run_t, postgrey_exec_t, postgrey_initrc_exec_t, postgrey_var_run_t, power_unit_file_t, pppd_exec_t, pppd_initrc_exec_t, pppd_log_t, pppd_tmp_t, pppd_unit_file_t, pppd_var_run_t, pptp_exec_t, pptp_log_t, pptp_var_run_t, prelink_cron_system_exec_t, prelink_exec_t, prelink_log_t, prelink_tmp_t, prelude_audisp_exec_t, prelude_audisp_var_run_t, prelude_correlator_exec_t, prelude_exec_t, prelude_initrc_exec_t, prelude_lml_exec_t, prelude_lml_tmp_t, prelude_lml_var_run_t, prelude_log_t, prelude_var_run_t, preupgrade_exec_t, prewikka_script_exec_t, privoxy_exec_t, privoxy_initrc_exec_t, privoxy_log_t, privoxy_var_run_t, proc_t, procmail_exec_t, procmail_log_t, procmail_tmp_t, prosody_exec_t, prosody_log_t, prosody_tmp_t, prosody_unit_file_t, prosody_var_run_t, psad_exec_t, psad_initrc_exec_t, psad_tmp_t, psad_var_log_t, psad_var_run_t, ptal_exec_t, ptal_var_run_t, ptchown_exec_t, ptp4l_exec_t, ptp4l_unit_file_t, publicfile_exec_t, pulseaudio_exec_t, pulseaudio_tmpfs_t, pulseaudio_var_run_t, puppet_log_t, puppet_tmp_t, puppet_var_run_t, puppetagent_exec_t, puppetagent_initrc_exec_t, puppetca_exec_t, puppetmaster_exec_t, puppetmaster_initrc_exec_t, puppetmaster_tmp_t, pwauth_exec_t, pwauth_var_run_t, pyicqt_exec_t, pyicqt_log_t, pyicqt_var_run_t, qdiskd_exec_t, qdiskd_var_log_t, qdiskd_var_run_t, qemu_dm_exec_t, qemu_exec_t, qemu_var_run_t, qmail_clean_exec_t, qmail_inject_exec_t, qmail_local_exec_t, qmail_lspawn_exec_t, qmail_queue_exec_t, qmail_remote_exec_t, qmail_rspawn_exec_t, qmail_send_exec_t, qmail_smtpd_exec_t, qmail_splogger_exec_t, qmail_start_exec_t, qmail_tcp_env_exec_t, qpidd_exec_t, qpidd_initrc_exec_t, qpidd_tmp_t, qpidd_var_run_t, quota_exec_t, quota_nld_exec_t, quota_nld_var_run_t, rabbitmq_exec_t, rabbitmq_initrc_exec_t, rabbitmq_tmp_t, rabbitmq_unit_file_t, rabbitmq_var_log_t, rabbitmq_var_run_t, racoon_exec_t, racoon_tmp_t, radiusd_exec_t, radiusd_initrc_exec_t, radiusd_log_t, radiusd_unit_file_t, radiusd_var_run_t, radvd_exec_t, radvd_initrc_exec_t, radvd_var_run_t, rasdaemon_exec_t, rasdaemon_unit_file_t, rdisc_exec_t, rdisc_unit_file_t, readahead_exec_t, readahead_var_run_t, realmd_exec_t, realmd_tmp_t, redis_exec_t, redis_initrc_exec_t, redis_log_t, redis_tmp_t, redis_unit_file_t, redis_var_run_t, regex_milter_data_t, regex_milter_exec_t, restorecond_exec_t, restorecond_var_run_t, rhev_agentd_exec_t, rhev_agentd_log_t, rhev_agentd_tmp_t, rhev_agentd_unit_file_t, rhev_agentd_var_run_t, rhgb_exec_t, rhnsd_exec_t, rhnsd_initrc_exec_t, rhnsd_unit_file_t, rhnsd_var_run_t, rhsmcertd_exec_t, rhsmcertd_initrc_exec_t, rhsmcertd_log_t, rhsmcertd_tmp_t, rhsmcertd_var_run_t, ricci_exec_t, ricci_initrc_exec_t, ricci_modcluster_exec_t, ricci_modcluster_var_log_t, ricci_modcluster_var_run_t, ricci_modclusterd_exec_t, ricci_modlog_exec_t, ricci_modrpm_exec_t, ricci_modservice_exec_t, ricci_modstorage_exec_t, ricci_tmp_t, ricci_var_log_t, ricci_var_run_t, rkhunter_var_lib_t, rkt_exec_t, rkt_unit_file_t, rlogind_exec_t, rlogind_tmp_t, rlogind_var_run_t, rngd_exec_t, rngd_initrc_exec_t, rngd_unit_file_t, rngd_var_run_t, rolekit_exec_t, rolekit_tmp_t, rolekit_unit_file_t, roundup_exec_t, roundup_initrc_exec_t, roundup_var_run_t, rpcbind_exec_t, rpcbind_initrc_exec_t, rpcbind_tmp_t, rpcbind_unit_file_t, rpcbind_var_run_t, rpcd_exec_t, rpcd_initrc_exec_t, rpcd_unit_file_t, rpcd_var_run_t, rpm_exec_t, rpm_log_t, rpm_script_exec_t, rpm_script_tmp_t, rpm_tmp_t, rpm_var_cache_t, rpm_var_run_t, rpmdb_exec_t, rpmdb_tmp_t, rrdcached_exec_t, rrdcached_tmp_t, rrdcached_var_run_t, rshd_exec_t, rssh_chroot_helper_exec_t, rssh_exec_t, rsync_exec_t, rsync_log_t, rsync_tmp_t, rsync_var_run_t, rtas_errd_exec_t, rtas_errd_log_t, rtas_errd_tmp_t, rtas_errd_unit_file_t, rtas_errd_var_run_t, rtkit_daemon_exec_t, rtkit_daemon_initrc_exec_t, run_init_exec_t, rwho_exec_t, rwho_initrc_exec_t, samba_etc_t, samba_initrc_exec_t, samba_log_t, samba_net_exec_t, samba_net_tmp_t, samba_unconfined_script_exec_t, samba_unit_file_t, samba_var_t, sambagui_exec_t, sandbox_exec_t, sanlk_resetd_exec_t, sanlk_resetd_unit_file_t, sanlock_exec_t, sanlock_initrc_exec_t, sanlock_log_t, sanlock_unit_file_t, sanlock_var_run_t, saslauthd_exec_t, saslauthd_initrc_exec_t, saslauthd_var_run_t, sbd_exec_t, sbd_tmpfs_t, sbd_unit_file_t, sbd_var_run_t, sblim_gatherd_exec_t, sblim_initrc_exec_t, sblim_reposd_exec_t, sblim_sfcbd_exec_t, sblim_tmp_t, sblim_var_run_t, screen_exec_t, screen_var_run_t, secadm_sudo_tmp_t, sectool_tmp_t, sectool_var_log_t, sectoolm_exec_t, security_t, selinux_munin_plugin_exec_t, selinux_munin_plugin_tmp_t, semanage_exec_t, semanage_tmp_t, sendmail_exec_t, sendmail_initrc_exec_t, sendmail_log_t, sendmail_tmp_t, sendmail_var_run_t, sensord_exec_t, sensord_initrc_exec_t, sensord_log_t, sensord_unit_file_t, sensord_var_run_t, services_munin_plugin_exec_t, services_munin_plugin_tmp_t, session_dbusd_tmp_t, setfiles_exec_t, setkey_exec_t, setrans_exec_t, setrans_initrc_exec_t, setrans_var_run_t, setroubleshoot_fixit_exec_t, setroubleshoot_fixit_tmp_t, setroubleshoot_tmp_t, setroubleshoot_var_log_t, setroubleshoot_var_run_t, setroubleshootd_exec_t, setsebool_exec_t, seunshare_exec_t, sge_execd_exec_t, sge_job_exec_t, sge_shepherd_exec_t, sge_tmp_t, shell_exec_t, shorewall_exec_t, shorewall_initrc_exec_t, shorewall_log_t, shorewall_tmp_t, shorewall_var_lib_t, showmount_exec_t, slapd_exec_t, slapd_initrc_exec_t, slapd_log_t, slapd_tmp_t, slapd_unit_file_t, slapd_var_run_t, slpd_exec_t, slpd_initrc_exec_t, slpd_log_t, slpd_var_run_t, smbcontrol_exec_t, smbd_exec_t, smbd_tmp_t, smbd_var_run_t, smbmount_exec_t, smokeping_cgi_script_exec_t, smokeping_exec_t, smokeping_initrc_exec_t, smokeping_var_run_t, smoltclient_exec_t, smoltclient_tmp_t, smsd_exec_t, smsd_initrc_exec_t, smsd_log_t, smsd_tmp_t, smsd_var_run_t, snapperd_exec_t, snapperd_log_t, snappy_cli_exec_t, snappy_confine_exec_t, snappy_exec_t, snappy_mount_exec_t, snappy_snap_t, snappy_tmp_t, snappy_unit_file_t, snappy_var_run_t, snmpd_exec_t, snmpd_initrc_exec_t, snmpd_log_t, snmpd_var_run_t, snort_exec_t, snort_initrc_exec_t, snort_log_t, snort_tmp_t, snort_var_run_t, sosreport_exec_t, sosreport_tmp_t, sosreport_var_run_t, soundd_exec_t, soundd_initrc_exec_t, soundd_tmp_t, soundd_var_run_t, spamass_milter_data_t, spamass_milter_exec_t, spamc_exec_t, spamc_tmp_t, spamd_exec_t, spamd_initrc_exec_t, spamd_log_t, spamd_tmp_t, spamd_update_exec_t, spamd_var_run_t, spc_var_run_t, speech_dispatcher_exec_t, speech_dispatcher_log_t, speech_dispatcher_tmp_t, speech_dispatcher_unit_file_t, squid_conf_t, squid_cron_exec_t, squid_exec_t, squid_initrc_exec_t, squid_log_t, squid_script_exec_t, squid_tmp_t, squid_var_run_t, squirrelmail_spool_t, src_t, srvsvcd_exec_t, srvsvcd_var_run_t, ssh_agent_exec_t, ssh_agent_tmp_t, ssh_exec_t, ssh_keygen_exec_t, ssh_keygen_tmp_t, ssh_keysign_exec_t, ssh_tmpfs_t, sshd_exec_t, sshd_initrc_exec_t, sshd_keygen_exec_t, sshd_keygen_unit_file_t, sshd_unit_file_t, sshd_var_run_t, sslh_exec_t, sslh_initrc_exec_t, sslh_unit_file_t, sslh_var_run_t, sssd_exec_t, sssd_initrc_exec_t, sssd_public_t, sssd_selinux_manager_exec_t, sssd_unit_file_t, sssd_var_lib_t, sssd_var_log_t, sssd_var_run_t, staff_sudo_tmp_t, stapserver_exec_t, stapserver_log_t, stapserver_tmp_t, stapserver_tmpfs_t, stapserver_var_run_t, stratisd_exec_t, stratisd_var_run_t, stunnel_exec_t, stunnel_log_t, stunnel_tmp_t, stunnel_var_run_t, su_exec_t, sudo_exec_t, sudo_log_t, sulogin_exec_t, svc_multilog_exec_t, svc_run_exec_t, svc_start_exec_t, svirt_tmp_t, svnserve_exec_t, svnserve_initrc_exec_t, svnserve_log_t, svnserve_tmp_t, svnserve_unit_file_t, svnserve_var_run_t, swat_exec_t, swat_tmp_t, swat_var_run_t, swift_exec_t, swift_tmp_t, swift_unit_file_t, swift_var_run_t, sysadm_passwd_tmp_t, sysadm_sudo_tmp_t, sysfs_t, syslogd_exec_t, syslogd_initrc_exec_t, syslogd_tmp_t, syslogd_unit_file_t, syslogd_var_run_t, sysstat_exec_t, sysstat_initrc_exec_t, sysstat_log_t, system_conf_t, system_cronjob_tmp_t, system_cronjob_var_run_t, system_db_t, system_dbusd_tmp_t, system_dbusd_var_lib_t, system_dbusd_var_run_t, system_mail_tmp_t, system_munin_plugin_exec_t, system_munin_plugin_tmp_t, systemd_bootchart_exec_t, systemd_bootchart_unit_file_t, systemd_bootchart_var_run_t, systemd_coredump_exec_t, systemd_gpt_generator_exec_t, systemd_gpt_generator_unit_file_t, systemd_hostnamed_exec_t, systemd_hwdb_exec_t, systemd_hwdb_unit_file_t, systemd_importd_exec_t, systemd_importd_tmp_t, systemd_importd_var_run_t, systemd_initctl_exec_t, systemd_journal_upload_exec_t, systemd_localed_exec_t, systemd_logger_exec_t, systemd_logind_exec_t, systemd_logind_inhibit_var_run_t, systemd_logind_sessions_t, systemd_logind_var_run_t, systemd_machined_exec_t, systemd_machined_unit_file_t, systemd_machined_var_run_t, systemd_modules_load_exec_t, systemd_modules_load_unit_file_t, systemd_networkd_exec_t, systemd_networkd_unit_file_t, systemd_networkd_var_run_t, systemd_notify_exec_t, systemd_passwd_agent_exec_t, systemd_passwd_var_run_t, systemd_resolved_exec_t, systemd_resolved_unit_file_t, systemd_resolved_var_run_t, systemd_rfkill_exec_t, systemd_rfkill_unit_file_t, systemd_runtime_unit_file_t, systemd_sleep_exec_t, systemd_sysctl_exec_t, systemd_systemctl_exec_t, systemd_timedated_exec_t, systemd_timedated_unit_file_t, systemd_timedated_var_run_t, systemd_tmpfiles_exec_t, systemd_unit_file_t, systemd_userdbd_exec_t, systemd_userdbd_runtime_t, systemd_userdbd_unit_file_t, systemd_vconsole_unit_file_t, tangd_cache_t, tangd_exec_t, tangd_unit_file_t, targetd_exec_t, targetd_tmp_t, targetd_unit_file_t, tcpd_exec_t, tcpd_tmp_t, tcsd_exec_t, tcsd_initrc_exec_t, telepathy_gabble_exec_t, telepathy_gabble_tmp_t, telepathy_idle_exec_t, telepathy_idle_tmp_t, telepathy_logger_exec_t, telepathy_logger_tmp_t, telepathy_mission_control_exec_t, telepathy_mission_control_tmp_t, telepathy_msn_exec_t, telepathy_msn_tmp_t, telepathy_salut_exec_t, telepathy_salut_tmp_t, telepathy_sofiasip_exec_t, telepathy_sofiasip_tmp_t, telepathy_stream_engine_exec_t, telepathy_stream_engine_tmp_t, telepathy_sunshine_exec_t, telepathy_sunshine_tmp_t, telnetd_exec_t, telnetd_tmp_t, telnetd_var_run_t, tetex_data_t, textrel_shlib_t, tftpd_exec_t, tftpd_var_run_t, tgtd_exec_t, tgtd_initrc_exec_t, tgtd_tmp_t, tgtd_var_run_t, thin_aeolus_configserver_exec_t, thin_aeolus_configserver_log_t, thin_aeolus_configserver_var_run_t, thin_exec_t, thin_log_t, thin_var_run_t, thumb_exec_t, thumb_tmp_t, timedatex_exec_t, timemaster_exec_t, timemaster_unit_file_t, timemaster_var_run_t, tlp_exec_t, tlp_unit_file_t, tlp_var_run_t, tmp_t, tmpreaper_exec_t, tomcat_exec_t, tomcat_log_t, tomcat_tmp_t, tomcat_unit_file_t, tomcat_var_run_t, tor_exec_t, tor_initrc_exec_t, tor_unit_file_t, tor_var_log_t, tor_var_run_t, traceroute_exec_t, tuned_exec_t, tuned_initrc_exec_t, tuned_log_t, tuned_tmp_t, tuned_var_run_t, tvtime_exec_t, tvtime_tmp_t, tvtime_tmpfs_t, udev_exec_t, udev_helper_exec_t, udev_tmp_t, udev_var_run_t, ulogd_exec_t, ulogd_initrc_exec_t, ulogd_var_log_t, uml_exec_t, uml_switch_exec_t, uml_switch_var_run_t, uml_tmp_t, uml_tmpfs_t, unconfined_exec_t, unconfined_munin_plugin_exec_t, unconfined_munin_plugin_tmp_t, updfstab_exec_t, updpwd_exec_t, usbmodules_exec_t, usbmuxd_exec_t, usbmuxd_unit_file_t, usbmuxd_var_run_t, user_cron_spool_t, user_fonts_t, user_home_t, user_mail_tmp_t, user_tmp_t, useradd_exec_t, useradd_var_run_t, userhelper_exec_t, usernetctl_exec_t, usr_t, utempter_exec_t, uucpd_exec_t, uucpd_initrc_exec_t, uucpd_log_t, uucpd_tmp_t, uucpd_var_run_t, uuidd_exec_t, uuidd_initrc_exec_t, uuidd_var_run_t, uux_exec_t, var_lib_t, var_lock_t, var_log_t, var_run_t, var_spool_t, varnishd_exec_t, varnishd_initrc_exec_t, varnishd_tmp_t, varnishd_var_run_t, varnishlog_exec_t, varnishlog_initrc_exec_t, varnishlog_log_t, varnishlog_var_run_t, vdagent_exec_t, vdagent_log_t, vdagent_var_run_t, vdagentd_initrc_exec_t, vhostmd_exec_t, vhostmd_initrc_exec_t, vhostmd_var_run_t, virsh_exec_t, virt_bridgehelper_exec_t, virt_cache_t, virt_common_var_run_t, virt_log_t, virt_lxc_var_run_t, virt_qemu_ga_exec_t, virt_qemu_ga_log_t, virt_qemu_ga_tmp_t, virt_qemu_ga_unconfined_exec_t, virt_qemu_ga_var_run_t, virt_tmp_t, virt_var_lib_t, virt_var_run_t, virtd_exec_t, virtd_initrc_exec_t, virtd_lxc_exec_t, virtd_unit_file_t, virtlogd_exec_t, virtlogd_initrc_exec_t, virtlogd_unit_file_t, virtlogd_var_run_t, vlock_exec_t, vmtools_exec_t, vmtools_helper_exec_t, vmtools_tmp_t, vmtools_unconfined_exec_t, vmtools_unit_file_t, vmware_exec_t, vmware_host_exec_t, vmware_host_pid_t, vmware_host_tmp_t, vmware_log_t, vmware_pid_t, vmware_tmp_t, vmware_tmpfs_t, vnstat_exec_t, vnstatd_exec_t, vnstatd_initrc_exec_t, vnstatd_var_run_t, vpnc_exec_t, vpnc_tmp_t, vpnc_var_run_t, w3c_validator_script_exec_t, w3c_validator_tmp_t, watchdog_exec_t, watchdog_initrc_exec_t, watchdog_log_t, watchdog_unconfined_exec_t, watchdog_var_run_t, wdmd_exec_t, wdmd_initrc_exec_t, wdmd_var_run_t, webadm_tmp_t, webalizer_exec_t, webalizer_script_exec_t, webalizer_tmp_t, winbind_exec_t, winbind_helper_exec_t, winbind_log_t, winbind_var_run_t, wine_exec_t, wireshark_exec_t, wireshark_tmp_t, wireshark_tmpfs_t, wpa_cli_exec_t, wtmp_t, xauth_exec_t, xauth_tmp_t, xdm_exec_t, xdm_log_t, xdm_unconfined_exec_t, xdm_unit_file_t, xdm_var_run_t, xenconsoled_exec_t, xenconsoled_var_run_t, xend_exec_t, xend_tmp_t, xend_var_log_t, xend_var_run_t, xenstored_exec_t, xenstored_tmp_t, xenstored_var_log_t, xenstored_var_run_t, xferlog_t, xserver_exec_t, xserver_log_t, xserver_tmpfs_t, xserver_var_run_t, xsession_exec_t, ypbind_exec_t, ypbind_initrc_exec_t, ypbind_tmp_t, ypbind_unit_file_t, ypbind_var_run_t, yppasswdd_exec_t, yppasswdd_var_run_t, ypserv_exec_t, ypserv_tmp_t, ypserv_var_run_t, ypxfr_exec_t, ypxfr_var_run_t, zabbix_agent_exec_t, zabbix_agent_initrc_exec_t, zabbix_exec_t, zabbix_initrc_exec_t, zabbix_log_t, zabbix_script_exec_t, zabbix_tmp_t, zabbix_var_run_t, zarafa_deliver_exec_t, zarafa_deliver_log_t, zarafa_deliver_tmp_t, zarafa_deliver_var_run_t, zarafa_gateway_exec_t, zarafa_gateway_log_t, zarafa_gateway_var_run_t, zarafa_ical_exec_t, zarafa_ical_log_t, zarafa_ical_var_run_t, zarafa_indexer_exec_t, zarafa_indexer_log_t, zarafa_indexer_tmp_t, zarafa_indexer_var_run_t, zarafa_monitor_exec_t, zarafa_monitor_log_t, zarafa_monitor_var_run_t, zarafa_server_exec_t, zarafa_server_log_t, zarafa_server_tmp_t, zarafa_server_var_run_t, zarafa_spooler_exec_t, zarafa_spooler_log_t, zarafa_spooler_var_run_t, zarafa_var_lib_t, zebra_exec_t, zebra_initrc_exec_t, zebra_log_t, zebra_tmp_t, zebra_unit_file_t, zebra_var_run_t, zoneminder_exec_t, zoneminder_initrc_exec_t, zoneminder_log_t, zoneminder_script_exec_t, zoneminder_unit_file_t, zoneminder_var_run_t, zos_remote_exec_t.
Then execute:
restorecon -v '/var/cache/akmods/akmods.log'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that logrotate should be allowed getattr access on the akmods.log file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'logrotate' --raw | audit2allow -M my-logrotate
# semodule -X 300 -i my-logrotate.pp

Additional Information:
Source Context                system_u:system_r:logrotate_t:s0
Target Context                unconfined_u:object_r:var_t:s0
Target Objects                /var/cache/akmods/akmods.log [ file ]
Source                        logrotate
Source Path                   logrotate
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-34.22-1.fc34.noarch
Local Policy RPM              selinux-policy-targeted-34.22-1.fc34.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.14.14-200.fc34.x86_64 #1 SMP Wed
                              Oct 20 16:15:12 UTC 2021 x86_64 x86_64
Alert Count                   2
First Seen                    2021-11-07 00:00:57 CET
Last Seen                     2021-11-07 00:00:57 CET
Local ID                      e7320ce9-b89b-424a-9f23-44c93ccb30bc

Raw Audit Messages
type=AVC msg=audit(1636239657.703:597): avc:  denied  { getattr } for  pid=28201 comm="logrotate" path="/var/cache/akmods/akmods.log" dev="dm-1" ino=4587953 scontext=system_u:system_r:logrotate_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0


Hash: logrotate,logrotate_t,var_t,file,getattr

Version-Release number of selected component:
selinux-policy-targeted-34.22-1.fc34.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.15.2
hashmarkername: setroubleshoot
kernel:         5.14.14-200.fc34.x86_64
type:           libreport

Potential duplicate: bug 1174825
Comment 1 nicolas.vieville 2021-12-06 14:35:37 UTC 
Hello,

As discussed in bug #1454824 comment #103 [1], here is a first attempt for a
fix for this issue. It is available here:

https://src.fedoraproject.org/fork/nvieville/rpms/akmods/tree/fix_selinux_for_logrotate_rhbz-2020889

Cordially,


-- 
NVieville

[1]
https://bugzilla.redhat.com/show_bug.cgi?id=1454824#c103
Comment 2 Zdenek Pytela 2022-04-13 17:22:37 UTC 
I took a brief at the PR, the allow rules should not be necessary, just labeling the cache dir which can as well be done in selinux-policy.
I just need to know: Apart from logrotate, does any service need access to /var/cache/akmods/*?
What is the content of the directory?
Comment 3 nicolas.vieville 2022-04-14 09:51:08 UTC 
Hello,

(In reply to Zdenek Pytela from comment #2)
> I took a brief at the PR, the allow rules should not be necessary, just
> labeling the cache dir which can as well be done in selinux-policy.
> I just need to know: Apart from logrotate, does any service need access to
> /var/cache/akmods/*?

The problem encountered with logrotate has been addressed in commit b99e99c of 
akmods sources (https://src.fedoraproject.org/rpms/akmods/c/b99e99c285f128aac08c5896e8e5920a7d5bddcb?branch=rawhide).
Global logs were moved to /var/log directory, where logrotate can do its job.
logrotate access to /var/cache/akmods directory is no longer needed in  
the new version of akmods. This version will be available in f36. Maybe, the
new version should be pushed to f35 as well. This has to be discussed with
the co-maintainers of this package.

> What is the content of the directory?

The /var/cache/akmods contains last built rpm packages for akmods modules and 
their respective build logs (not the global log file now located in /var/log).
These rpm packages and logs, located in /var/cache/akmods directory are 
self-cleaned by akmods itself and don't rely on logrotate jobs.

Thank you for your question. I hope I answered it. Any comment are welcome.

Cordially,


-- 
NVieville
Comment 4 Zdenek Pytela 2022-04-14 13:40:44 UTC 
Thank you for the progress report and the additional information.
As I understand it now, logs are in /var/log/akmods so no further action is needed.
It would be necessary to create a private type in selinux-policy, e. g. akmods_log_t, if there is some other service requiring access to these data.
If it's not the case, we can close this bz.
Comment 5 Ben Cotton 2022-05-12 16:56:24 UTC 
This message is a reminder that Fedora Linux 34 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 34 on 2022-06-07.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '34'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 34 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.
Comment 6 Sergio Basto 2022-05-12 19:22:23 UTC 
not yet fixed
Comment 7 Zdenek Pytela 2022-07-08 15:03:37 UTC 
Sergio,

Can you describe what is the current issue? This bz was created because logrotate was unable to access logs. Since the logs were moved to /var/log, logrotate can access them now.
Comment 8 Sergio Basto 2022-07-08 15:22:02 UTC 
ll /var/cache/akmods/
total 608
-rw-r--r--  1 root root    228 Jul  8 15:17 akmods.log
-rw-r--r--. 1 root root 414069 Nov 28  2021 akmods.log-20211201
-rw-r--r--  1 root root  18635 Dec 24  2021 akmods.log-20220101
-rw-r--r--  1 root root   8476 Jan 31 00:13 akmods.log-20220201
-rw-r--r--  1 root root   6956 Feb 23 19:50 akmods.log-20220301
-rw-r--r--  1 root root   4531 Mar 29 17:39 akmods.log-20220401
-rw-r--r--  1 root root  20852 Apr 29 20:05 akmods.log-20220501
-rw-r--r--  1 root root   2492 May 23 23:07 akmods.log-20220601
-rw-r--r--  1 root root  17571 Jun 30 22:51 akmods.log-20220701
drwxr-xr-x. 2 root root  28672 Jul  8 15:04 nvidia
drwxr-xr-x  2 root root  12288 Nov 28  2021 rtl8821ce
drwxr-xr-x  2 root root   4096 Jul  8 15:04 v4l2loopback
drwxr-xr-x. 2 root root  32768 Jul  8 15:04 VirtualBox

after observe the above, I don't think "the logs were moved to /var/log" , but I will study a way to move logs to /var/log . 

Unfortunately I think I won't have time before October
Comment 9 Zdenek Pytela 2022-07-08 15:42:46 UTC 
I am not an active akmods user, but I can confirm logrotate works on /var/log/akmods:

# rpm -q akmods
akmods-0.5.7-8.fc36.noarch
# cat /etc/logrotate.d/akmods
/var/log/akmods/akmods.log {
    monthly
    rotate 12
    missingok
    notifempty
    create 644 root root
    su root akmods
}

Perhaps you have previous setting kept? Possibly look for a .rpmnew file.
Comment 10 Sergio Basto 2022-07-08 16:16:59 UTC 
ah right [1] I'm updating my akmods on F35, so it is fixed on F36 ? 


[1] 
https://src.fedoraproject.org/rpms/akmods/c/b99e99c285f128aac08c5896e8e5920a7d5bddcb?branch=rawhide
Comment 11 nicolas.vieville 2022-07-08 22:09:36 UTC 
(In reply to Sergio Basto from comment #10)
> ah right [1] I'm updating my akmods on F35, so it is fixed on F36 ? 

Yes. As you can see it here:

https://src.fedoraproject.org/rpms/akmods/commits/rawhide

Issue with akmods and logrotate are fixed in rawhide and F36, but not 
in F35, that is still far behind (no secure boot feature etc. ).

Maybe it would be worth to align F35 on rawhide/F36 before its EOL.

Cordially,


-- 
NVieville
Comment 12 Sergio Basto 2022-07-09 03:27:26 UTC 
I built the latest akmods in copr https://copr.fedorainfracloud.org/coprs/sergiomb/vboxfor23/package/akmods/ and use it on F35 and epel 7 and 8  
Closing with fixed in version akmods-0.5.7-8.fc36 
I will do some tests and after if the tests were successfully I will build update epel 9 which doesn't have these last two commits ...
Note You need to log in before you can comment on or make changes to this bug.