Description of problem: SELinux denies access of /root/.rpmmacros to rpmdb Version-Release number of selected component (if applicable): 4.17.0 How reproducible: always Steps to Reproduce: 1. sudo rpm --rebuilddb Actual results: probably it does redo the database but throws off a selinux alert Expected results: just redo the database Additional info: I did restorecon -Rv /root and no file was mislabeled this is on the journal: SELinux is preventing rpmdb from open access on the file /root/.rpmmacros. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that rpmdb should be allowed open access on the .rpmmacros file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rpmdb' --raw | audit2allow -M my-rpmdb # semodule -X 300 -i my-rpmdb.pp
Mikel, This denial does not pop up on my system with rpm-4.17.0-1.fc35.x86_64. Are there any additional conditions needed? I'd like to see audit logs: ausearch -i -m avc,user_avc -ts today and if the following module is sufficient: # cat local_rpmdb_rpmmacros.cil (allow rpmdb_t non_security_file_type (file (open))) # semodule -i local_rpmdb_rpmmacros.cil
FEDORA-2021-ea3fa543f0 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ea3fa543f0
FEDORA-2021-ea3fa543f0 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ea3fa543f0` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ea3fa543f0 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-ea3fa543f0 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.
it is working now. (clearing myself of needinfo)