Bug 2046295 - SELinux is preventing coredumpctl from 'read' accesses on the file core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst.
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
Whiteboard: abrt_hash:b74b0983f8d68eae42e4cbe4dd4...
Reported: 2022-01-26 14:29 UTC by Mr. Beedell, Roke Julian Lockhart (RJLB)
Modified: 2022-02-16 21:20 UTC (History)

Last Closed: 2022-01-26 14:51:46 UTC
Type: ---

Description Mr. Beedell, Roke Julian Lockhart (RJLB) 2022-01-26 14:29:49 UTC
Description of problem:
Occurrence after initialisation of this computer.
SELinux is preventing coredumpctl from 'read' accesses on the file core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that coredumpctl should be allowed read access on the core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'coredumpctl' --raw | audit2allow -M my-coredumpctl
# semodule -X 300 -i my-coredumpctl.pp

Additional Information:
Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
Target Context                system_u:object_r:systemd_coredump_var_lib_t:s0
Target Objects                core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a736
                              47.1163.1643206776000000.zst [ file ]
Source                        coredumpctl
Source Path                   coredumpctl
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-35.11-1.fc36.noarch
Local Policy RPM              selinux-policy-targeted-35.11-1.fc36.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.17.0-
                              0.rc0.20220112gitdaadb3bd0e8d.63.fc36.x86_64 #1
                              SMP PREEMPT Wed Jan 12 18:54:57 UTC 2022 x86_64
                              x86_64
Alert Count                   7
First Seen                    2022-01-26 12:20:55 UTC
Last Seen                     2022-01-26 14:19:37 UTC
Local ID                      26d89570-7a28-443d-b3cc-d95d5ad4a931

Raw Audit Messages
type=AVC msg=audit(1643206777.913:276): avc:  denied  { read } for  pid=1288 comm="coredumpctl" name="core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647.1163.1643206776000000.zst" dev="dm-0" ino=1406863 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_coredump_var_lib_t:s0 tclass=file permissive=0


Hash: coredumpctl,abrt_t,systemd_coredump_var_lib_t,file,read

Version-Release number of selected component:
selinux-policy-targeted-35.11-1.fc36.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.16.0
hashmarkername: setroubleshoot
kernel:         5.17.0-0.rc0.20220112gitdaadb3bd0e8d.63.fc36.x86_64
type:           libreport
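
Added example (not part of the original report, and not setroubleshoot's own code): a small Python parser for the raw AVC record above. It recovers the source and target types, reproduces the Hash: line, and builds the allow rule a local module would have to contain, so that rule can be reviewed before anything is loaded. The function names are hypothetical, and the comma-joined key for records with several permissions is an assumption.

```python
import re

# Raw AVC record copied from the "Raw Audit Messages" section of this report.
AVC = (
    'type=AVC msg=audit(1643206777.913:276): avc:  denied  { read } for  pid=1288 '
    'comm="coredumpctl" name="core.kwalletd5.1000.a024c174fb11458f8d6a7018f8a73647'
    '.1163.1643206776000000.zst" dev="dm-0" ino=1406863 '
    'scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:systemd_coredump_var_lib_t:s0 tclass=file permissive=0'
)

_HEAD = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Split one AVC record into result, permissions and key=value fields."""
    m = _HEAD.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    rec = {k: v.strip('"') for k, v in _FIELD.findall(m.group(3))}
    rec["result"], rec["perms"] = m.group(1), m.group(2).split()
    for key in ("scontext", "tcontext"):
        # Context is user:role:type[:level]; the level may itself contain ':'
        # (s0-s0:c0.c1023), so split at most three times and take field 3.
        parts = rec.get(key, "").split(":", 3)
        if len(parts) < 3:
            raise ValueError(f"missing or malformed {key}")
        rec[key[0] + "type"] = parts[2]
    return rec

def dedup_key(rec):
    """comm,source type,target type,class,permission: same shape as the Hash: line."""
    return ",".join([rec["comm"], rec["stype"], rec["ttype"], rec["tclass"], *rec["perms"]])

def allow_rule(rec):
    """Type-enforcement rule that would permit the denied access."""
    perms = rec["perms"][0] if len(rec["perms"]) == 1 else "{ " + " ".join(rec["perms"]) + " }"
    return f'allow {rec["stype"]} {rec["ttype"]}:{rec["tclass"]} {perms};'

if __name__ == "__main__":
    rec = parse_avc(AVC)
    print(dedup_key(rec))
    print(allow_rule(rec))
    print("enforced" if rec.get("permissive") == "0" else "permissive (logged only)")
```
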

Comment 1 Zdenek Pytela 2022-01-26 14:51:46 UTC
Please turn on the following boolean for enabling the event scripts:

setsebool abrt_handle_event on

Comment 2 Mr. Beedell, Roke Julian Lockhart (RJLB) 2022-02-05 16:13:17 UTC
PS /> setsebool abrt_handle_event on
Could not change active booleans: Invalid boolean
PS /> sudo setsebool abrt_handle_event on
Could not change active booleans: Invalid boolean

Comment 3 Zdenek Pytela 2022-02-08 20:09:40 UTC
Are you running these commands as root? What is the output of:

$ getsebool abrt_handle_event
abrt_handle_event --> off

Comment 4 Mr. Beedell, Roke Julian Lockhart (RJLB) 2022-02-09 15:43:44 UTC
The command that was invoked by sudo was invoked as the superuser, whereas the command that was not invoked by sudo was not invoked as the superuser.

The consequence of 'getsebool abrt_handle_event' is:
'PS /> getsebool abrt_handle_event
/usr/sbin/getsebool:  SELinux is disabled'

SELinux is disabled because I disabled it after producing my previous response, but the consequence of invocation of 'setsebool abrt_handle_event on' is identical despite the opposite status of SELinux, so hopefully that is not important.

Comment 5 Sergei S. Rublёv 2022-02-16 11:42:29 UTC
Similar problem has been detected:

First reboot after installation of kernel 5.17.0-0.rc4.96.fc37 from rawhide

hashmarkername: setroubleshoot
kernel:         5.17.0-0.rc4.96.fc37.x86_64
package:        selinux-policy-targeted-36.2-1.fc37.noarch
reason:         SELinux is preventing coredumpctl from 'read' accesses on the file core.gutenprint53+us.0.52305d5ea1de4f56a557db1ddccdc829.2392.1645011521000000.zst.
type:           libreport

Comment 6 Sergei S. Rublёv 2022-02-16 21:20:28 UTC
Similar problem has been detected:

Strawberry fresh install at rawhide fc37 produces this

hashmarkername: setroubleshoot
kernel:         5.17.0-0.rc4.96.fc37.x86_64
package:        selinux-policy-targeted-36.2-1.fc37.noarch
reason:         SELinux is preventing coredumpctl from 'read' accesses on the file core.strawberry.1000.19c55a95b7fe4b599b2368f5b0cf3afd.5915.1645045888000000.zst.
type:           libreport

