Description of problem: I upgraded my F36 Workstation and rebooted. This is the first time I see this error, so it must be related to the recent update. SELinux is preventing 10-sendmail from 'execute' accesses on the file /usr/bin/systemctl. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that 10-sendmail should be allowed execute access on the systemctl file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '10-sendmail' --raw | audit2allow -M my-10sendmail # semodule -X 300 -i my-10sendmail.pp Additional Information: Source Context system_u:system_r:NetworkManager_dispatcher_custom _t:s0 Target Context system_u:object_r:systemd_systemctl_exec_t:s0 Target Objects /usr/bin/systemctl [ file ] Source 10-sendmail Source Path 10-sendmail Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages systemd-250.3-8.fc36.x86_64 SELinux Policy RPM selinux-policy-targeted-36.9-1.fc36.noarch Local Policy RPM selinux-policy-targeted-36.9-1.fc36.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.17.9-300.fc36.x86_64 #1 SMP PREEMPT Wed May 18 15:08:23 UTC 2022 x86_64 x86_64 Alert Count 1 First Seen 2022-05-23 09:25:13 CEST Last Seen 2022-05-23 09:25:13 CEST Local ID ff05b81a-2cf8-48ad-8690-b178d90492e2 Raw Audit Messages type=AVC msg=audit(1653290713.727:245): avc: denied { execute } for pid=1396 comm="10-sendmail" name="systemctl" dev="dm-0" ino=1836519 scontext=system_u:system_r:NetworkManager_dispatcher_custom_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file permissive=1 Hash: 10-sendmail,NetworkManager_dispatcher_custom_t,systemd_systemctl_exec_t,file,execute Version-Release number of selected component: selinux-policy-targeted-36.9-1.fc36.noarch Additional info: component: selinux-policy reporter: libreport-2.17.1 hashmarkername: setroubleshoot kernel: 5.17.9-300.fc36.x86_64 type: libreport
*** Bug 2089176 has been marked as a duplicate of this bug. ***
*** Bug 2089177 has been marked as a duplicate of this bug. ***
Similar problem has been detected: This happens at boot, even after "fixfiles onboot", together with another 10 AVCs. hashmarkername: setroubleshoot kernel: 5.17.11-300.fc36.x86_64 package: selinux-policy-targeted-36.9-1.fc36.noarch reason: SELinux is preventing 10-sendmail from 'execute' accesses on the file /usr/bin/systemctl. type: libreport
Similar problem has been detected: This happens at boot, even after "fixfiles onboot", together with another 10 AVCs. hashmarkername: setroubleshoot kernel: 5.17.11-300.fc36.x86_64 package: selinux-policy-targeted-36.9-1.fc36.noarch reason: SELinux is preventing 10-sendmail from read, open access on the file /usr/bin/systemctl. type: libreport
Similar problem has been detected: This happens at boot, even after "fixfiles onboot", together with another 10 AVCs. hashmarkername: setroubleshoot kernel: 5.17.11-300.fc36.x86_64 package: selinux-policy-targeted-36.9-1.fc36.noarch reason: SELinux is preventing 10-sendmail from 'execute_no_trans' accesses on the file /usr/bin/systemctl. type: libreport
FEDORA-2022-a8b9033ed5 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-a8b9033ed5
FEDORA-2022-a8b9033ed5 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-a8b9033ed5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-a8b9033ed5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-a8b9033ed5 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.