Description of problem:
After upgrading to fc35, I get

    SELinux is preventing rrdtool queue from using the dac_override capability

When I follow these instructions:

    # ausearch -c 'rrdtool queue' --raw | audit2allow -M my-rrdtoolqueue
    # semodule -X 300 -i my-rrdtoolqueue.pp

semodule fails with:

    Problems processing filecon rules
    Failed post db handling
    Post process failed
    semodule: Failed!

The content of my-rrdtoolqueue.te is:

    module my-rrdtoolqueue 1.0;

    require {
        type collectd_t;
        class capability dac_override;
    }

    #============= collectd_t ==============
    allow collectd_t self:capability dac_override;

Version-Release number of selected component (if applicable):
rrdtool-1.7.2-21.fc35.x86_64

How reproducible:
Always

Steps to Reproduce:
See above

Expected results:
rrdtools/collectd should be allowed to work

Hi,

I have similar problems after dnf update:

    # semodule -X 400 -d my-imap
    Problems processing filecon rules
    Failed post db handling
    Post process failed
    semodule: Failed!

or

    # semodule -i my-procmail.pp
    Problems processing filecon rules
    Failed post db handling
    Post process failed

Cannot add, remove or change selinux policy since selinux-policy-targeted 35.10-1.fc35

Urgent!

Best regards,
Herbert

Considering Herbert's problem, the "Component" should probably be changed to "selinux" (I have no permission to do this).
Hi Michael,

Yes, you might be right, but it seems that I'm not entitled to change this.

Perhaps important is the following:

    policycoreutils               x86_64  3.3-1.fc35
    policycoreutils-devel         x86_64  3.3-1.fc35
    policycoreutils-python-utils  noarch  3.3-1.fc35
    python3-policycoreutils       noarch  3.3-1.fc35

Please update to selinux-policy-35.11-1.fc35

*** This bug has been marked as a duplicate of bug 2042369 ***

Sorry, but marking this as a duplicate of bug 2042369 makes no sense; this is in no way related to a non-working custom cockpit module.
Please update to selinux-policy-35.11-1.fc35 or newer. There is a common root cause with bug 2042369.

*** This bug has been marked as a duplicate of bug 2042369 ***