Hide Forgot
Description of problem: SELinux is preventing pcscd from 'sys_ptrace' accesses on the cap_userns labeled pcscd_t. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pcscd should be allowed sys_ptrace access on cap_userns labeled pcscd_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pcscd' --raw | audit2allow -M my-pcscd # semodule -X 300 -i my-pcscd.pp Additional Information: Source Context system_u:system_r:pcscd_t:s0 Target Context system_u:system_r:pcscd_t:s0 Target Objects Unknown [ cap_userns ] Source pcscd Source Path pcscd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-36.6-1.fc36.noarch Local Policy RPM selinux-policy-targeted-36.6-1.fc36.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.16.16-200.fc35.x86_64 #1 SMP PREEMPT Wed Mar 23 00:44:58 CET 2022 x86_64 x86_64 Alert Count 1 First Seen 2022-04-07 21:56:07 CEST Last Seen 2022-04-07 21:56:07 CEST Local ID 6626505e-d00c-4165-a208-37738572322e Raw Audit Messages type=AVC msg=audit(1649361367.669:902): avc: denied { sys_ptrace } for pid=3295 comm="pcscd" capability=19 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:system_r:pcscd_t:s0 tclass=cap_userns permissive=1 Hash: pcscd,pcscd_t,pcscd_t,cap_userns,sys_ptrace Version-Release number of selected component: selinux-policy-targeted-36.6-1.fc36.noarch Additional info: component: selinux-policy reporter: libreport-2.17.1 hashmarkername: setroubleshoot kernel: 5.16.16-200.fc35.x86_64 type: libreport Potential duplicate: bug 1985823
FEDORA-2022-c5bee6b70f has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-c5bee6b70f
FEDORA-2022-c5bee6b70f has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c5bee6b70f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c5bee6b70f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-c5bee6b70f has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.