Description of problem:
Appears after login to DE on Fedora 37 Workstation Cinnamon spin after dnf system-upgrade from version 36. Upgrade went smoothly and post-upgrade tasks required no additional action other than manually removing previous version's kernel packages.

SELinux is preventing rpmdb_migrate from 'map' accesses on the file /usr/bin/bash.

***** Plugin catchall_boolean (89.3 confidence) suggests ******************

If you want to allow domain to can mmap files
Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean.

Do
setsebool -P domain_can_mmap_files 1

***** Plugin catchall (11.6 confidence) suggests **************************

If you believe that rpmdb_migrate should be allowed map access on the bash file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'rpmdb_migrate' --raw | audit2allow -M my-rpmdbmigrate
# semodule -X 300 -i my-rpmdbmigrate.pp

Additional Information:
Source Context                system_u:system_r:rpmdb_t:s0
Target Context                system_u:object_r:shell_exec_t:s0
Target Objects                /usr/bin/bash [ file ]
Source                        rpmdb_migrate
Source Path                   rpmdb_migrate
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages           bash-5.2.15-1.fc37.x86_64
SELinux Policy RPM            selinux-policy-targeted-37.18-1.fc37.noarch
Local Policy RPM              selinux-policy-targeted-37.18-1.fc37.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 6.1.7-200.fc37.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jan 18 17:11:49 UTC 2023 x86_64 x86_64
Alert Count                   2
First Seen                    2023-01-26 09:02:00 GMT
Last Seen                     2023-01-26 10:57:01 GMT
Local ID                      9dcf2199-7f19-4b22-98a0-c35db5583338

Raw Audit Messages
type=AVC msg=audit(1674730621.159:170): avc: denied { map } for pid=969 comm="rpmdb_migrate" path="/usr/bin/bash" dev="dm-4" ino=54100154 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0

Hash: rpmdb_migrate,rpmdb_t,shell_exec_t,file,map

Version-Release number of selected component:
selinux-policy-targeted-37.18-1.fc37.noarch

Additional info:
component: selinux-policy
reporter: libreport-2.17.4
hashmarkername: setroubleshoot
kernel: 6.1.7-200.fc37.x86_64
type: libreport
Neil, Do you know exactly at which moment this denial appeared, or can you pair it with a particular log entry? So far, rpmdb was not allowed to run a shell, so I am curious what has changed.
From audit.log (3 preceding and 3 following lines around reported failure):
type=SERVICE_START msg=audit(1674651297.514:170): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_START msg=audit(1674651297.529:171): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-oomd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_START msg=audit(1674651297.559:172): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-resolved comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=BPF msg=audit(1674651297.564:173): prog-id=66 op=LOAD
type=AVC msg=audit(1674651297.576:174): avc: denied { map } for pid=983 comm="rpmdb_migrate" path="/usr/bin/bash" dev="dm-4" ino=54100154 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0
type=ANOM_ABEND msg=audit(1674651297.576:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:rpmdb_t:s0 pid=983 comm="rpmdb_migrate" exe="/usr/bin/bash" sig=11 res=1^]AUID="unset" UID="root" GID="root"
type=SERVICE_START msg=audit(1674651297.586:176): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rpmdb-migrate comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'^]UID="root" AUID="unset"
type=SERVICE_START msg=audit(1674651297.594:177): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-broker comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_START msg=audit(1674651297.606:178): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=alsa-state comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_START msg=audit(1674651297.611:179): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
dm-4 is my hard drive sitting behind a lvm-cache as follows:
[root@dumbledore ~]# ls -l /dev/mapper
total 0
lrwxrwxrwx. 1 root root 7 Jan 26 12:36 cache-hdd -> ../dm-4
lrwxrwxrwx. 1 root root 7 Jan 26 12:36 cache-hdd_corig -> ../dm-3
lrwxrwxrwx. 1 root root 7 Jan 26 12:36 cache-nvme_cvol -> ../dm-0
lrwxrwxrwx. 1 root root 7 Jan 26 12:36 cache-nvme_cvol-cdata -> ../dm-1
lrwxrwxrwx. 1 root root 7 Jan 26 12:36 cache-nvme_cvol-cmeta -> ../dm-2
I hope this is of some use.
Looks like rpm-migratedb.service executes /usr/lib/rpm/rpmdb_migrate which has a #!/usr/bin/bash shebang line.
Same thing just happened to me. Upgraded from Fedora 36 to Fedora 37. Very first login after system rebooted from the upgrade. Using the KDE spin, but that doesn't seem to be a factor for something caused by rpmdb_migrate.
# touch /var/lib/rpm/.migratedb
# service rpmdb-migrate restart
----
type=PROCTITLE msg=audit(01/31/2023 11:49:43.819:490) : proctitle=(null)
type=PATH msg=audit(01/31/2023 11:49:43.819:490) : item=2 name=/lib64/ld-linux-x86-64.so.2 inode=139843 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/31/2023 11:49:43.819:490) : item=1 name=/usr/bin/bash inode=139964 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/31/2023 11:49:43.819:490) : item=0 name=/usr/lib/rpm/rpmdb_migrate inode=159048 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:rpmdb_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:49:43.819:490) : cwd=/
type=SYSCALL msg=audit(01/31/2023 11:49:43.819:490) : arch=x86_64 syscall=execve success=no exit=EACCES(Permission denied) a0=0x563f108cfad0 a1=0x563f107dcac0 a2=0x563f108b1af0 a3=0x563f0d73f010 items=3 ppid=1 pid=1442 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpmdb_migrate exe=/usr/bin/bash subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:49:43.819:490) : avc: denied { map } for pid=1442 comm=rpmdb_migrate path=/usr/bin/bash dev="vda2" ino=139964 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0
----
# rpm -qa selinux\* rpm\* | sort
rpm-4.18.0-10.fc38.x86_64
rpmautospec-rpm-macros-0.3.2-1.fc38.noarch
rpm-build-libs-4.18.0-10.fc38.x86_64
rpm-libs-4.18.0-10.fc38.x86_64
rpm-plugin-selinux-4.18.0-10.fc38.x86_64
rpm-plugin-systemd-inhibit-4.18.0-10.fc38.x86_64
rpm-sequoia-1.2.0-2.fc38.x86_64
rpm-sign-libs-4.18.0-10.fc38.x86_64
selinux-policy-38.5-2.fc38.noarch
selinux-policy-targeted-38.5-2.fc38.noarch
#
Following SELinux denials appeared in permissive mode:
----
type=PROCTITLE msg=audit(01/31/2023 11:56:27.532:494) : proctitle=/usr/bin/bash /usr/lib/rpm/rpmdb_migrate
type=PATH msg=audit(01/31/2023 11:56:27.532:494) : item=2 name=/lib64/ld-linux-x86-64.so.2 inode=139843 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/31/2023 11:56:27.532:494) : item=1 name=/usr/bin/bash inode=139964 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/31/2023 11:56:27.532:494) : item=0 name=/usr/lib/rpm/rpmdb_migrate inode=159048 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:rpmdb_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:56:27.532:494) : cwd=/
type=EXECVE msg=audit(01/31/2023 11:56:27.532:494) : argc=2 a0=/usr/bin/bash a1=/usr/lib/rpm/rpmdb_migrate
type=SYSCALL msg=audit(01/31/2023 11:56:27.532:494) : arch=x86_64 syscall=execve success=yes exit=0 a0=0x563f108fb790 a1=0x563f10993330 a2=0x563f1088e470 a3=0x563f0d73f010 items=3 ppid=1 pid=1477 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpmdb_migrate exe=/usr/bin/bash subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:56:27.532:494) : avc: denied { execute } for pid=1477 comm=rpmdb_migrate path=/usr/bin/bash dev="vda2" ino=139964 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.532:494) : avc: denied { map } for pid=1477 comm=rpmdb_migrate path=/usr/bin/bash dev="vda2" ino=139964 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
----
type=PROCTITLE msg=audit(01/31/2023 11:56:27.537:495) : proctitle=/usr/bin/bash /usr/lib/rpm/rpmdb_migrate
type=PATH msg=audit(01/31/2023 11:56:27.537:495) : item=0 name=/usr/bin/rpm inode=158893 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:rpm_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:56:27.537:495) : cwd=/
type=SYSCALL msg=audit(01/31/2023 11:56:27.537:495) : arch=x86_64 syscall=newfstatat success=yes exit=0 a0=AT_FDCWD a1=0x557499ded720 a2=0x7ffd734674c0 a3=0x0 items=1 ppid=1477 pid=1478 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpmdb_migrate exe=/usr/bin/bash subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:56:27.537:495) : avc: denied { getattr } for pid=1478 comm=rpmdb_migrate path=/usr/bin/rpm dev="vda2" ino=158893 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=1
----
type=PROCTITLE msg=audit(01/31/2023 11:56:27.538:496) : proctitle=/usr/bin/bash /usr/lib/rpm/rpmdb_migrate
type=PATH msg=audit(01/31/2023 11:56:27.538:496) : item=0 name=/usr/bin/rpm inode=158893 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:rpm_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:56:27.538:496) : cwd=/
type=SYSCALL msg=audit(01/31/2023 11:56:27.538:496) : arch=x86_64 syscall=access success=yes exit=0 a0=0x557499ded720 a1=X_OK a2=0x0 a3=0x0 items=1 ppid=1477 pid=1478 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpmdb_migrate exe=/usr/bin/bash subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:56:27.538:496) : avc: denied { execute } for pid=1478 comm=rpmdb_migrate name=rpm dev="vda2" ino=158893 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=1
----
type=PROCTITLE msg=audit(01/31/2023 11:56:27.538:497) : proctitle=/usr/bin/bash /usr/lib/rpm/rpmdb_migrate
type=PATH msg=audit(01/31/2023 11:56:27.538:497) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=139843 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/31/2023 11:56:27.538:497) : item=0 name=/usr/bin/rpm inode=158893 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:rpm_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:56:27.538:497) : cwd=/
type=EXECVE msg=audit(01/31/2023 11:56:27.538:497) : argc=3 a0=rpm a1=--eval a2=%_dbpath
type=SYSCALL msg=audit(01/31/2023 11:56:27.538:497) : arch=x86_64 syscall=execve success=yes exit=0 a0=0x557499ded720 a1=0x557499ded290 a2=0x557499de9d60 a3=0x8 items=2 ppid=1477 pid=1478 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpm exe=/usr/bin/rpm subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:56:27.538:497) : avc: denied { map } for pid=1478 comm=rpm path=/usr/bin/rpm dev="vda2" ino=158893 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.538:497) : avc: denied { execute_no_trans } for pid=1478 comm=rpmdb_migrate path=/usr/bin/rpm dev="vda2" ino=158893 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.538:497) : avc: denied { open } for pid=1478 comm=rpmdb_migrate path=/usr/bin/rpm dev="vda2" ino=158893 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=1
----
type=PROCTITLE msg=audit(01/31/2023 11:56:27.549:498) : proctitle=/usr/bin/bash /usr/lib/rpm/rpmdb_migrate
type=PATH msg=audit(01/31/2023 11:56:27.549:498) : item=0 name=/var/lib/rpm inode=563 dev=fc:02 mode=link,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:rpm_var_lib_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:56:27.549:498) : cwd=/
type=SYSCALL msg=audit(01/31/2023 11:56:27.549:498) : arch=x86_64 syscall=newfstatat success=yes exit=0 a0=AT_FDCWD a1=0x557499dede30 a2=0x7ffd73467fa0 a3=0x100 items=1 ppid=1 pid=1477 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpmdb_migrate exe=/usr/bin/bash subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:56:27.549:498) : avc: denied { getattr } for pid=1477 comm=rpmdb_migrate path=/var/lib/rpm dev="vda2" ino=563 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=lnk_file permissive=1
----
type=PROCTITLE msg=audit(01/31/2023 11:56:27.549:499) : proctitle=/usr/bin/bash /usr/lib/rpm/rpmdb_migrate
type=PATH msg=audit(01/31/2023 11:56:27.549:499) : item=0 name=/usr/bin/rm inode=148137 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:56:27.549:499) : cwd=/
type=SYSCALL msg=audit(01/31/2023 11:56:27.549:499) : arch=x86_64 syscall=access success=yes exit=0 a0=0x557499ded9f0 a1=X_OK a2=0x0 a3=0x0 items=1 ppid=1 pid=1477 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpmdb_migrate exe=/usr/bin/bash subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:56:27.549:499) : avc: denied { execute } for pid=1477 comm=rpmdb_migrate name=rm dev="vda2" ino=148137 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
----
type=PROCTITLE msg=audit(01/31/2023 11:56:27.551:500) : proctitle=rm -v /var/lib/rpm/.migratedb
type=PATH msg=audit(01/31/2023 11:56:27.551:500) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=139843 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/31/2023 11:56:27.551:500) : item=0 name=/usr/bin/rm inode=148137 dev=fc:02 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:56:27.551:500) : cwd=/
type=EXECVE msg=audit(01/31/2023 11:56:27.551:500) : argc=3 a0=rm a1=-v a2=/var/lib/rpm/.migratedb
type=SYSCALL msg=audit(01/31/2023 11:56:27.551:500) : arch=x86_64 syscall=execve success=yes exit=0 a0=0x557499ded9f0 a1=0x557499def000 a2=0x557499de9d60 a3=0x8 items=2 ppid=1477 pid=1479 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rm exe=/usr/bin/rm subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:56:27.551:500) : avc: denied { map } for pid=1479 comm=rm path=/usr/bin/rm dev="vda2" ino=148137 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.551:500) : avc: denied { execute_no_trans } for pid=1479 comm=rpmdb_migrate path=/usr/bin/rm dev="vda2" ino=148137 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
----
type=PROCTITLE msg=audit(01/31/2023 11:56:27.553:501) : proctitle=rm -v /var/lib/rpm/.migratedb
type=PATH msg=audit(01/31/2023 11:56:27.553:501) : item=0 name=/var/lib/rpm/.migratedb inode=202090 dev=fc:02 mode=file,644 ouid=root ogid=root rdev=00:00 obj=unconfined_u:object_r:rpm_var_lib_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/31/2023 11:56:27.553:501) : cwd=/
type=SYSCALL msg=audit(01/31/2023 11:56:27.553:501) : arch=x86_64 syscall=newfstatat success=yes exit=0 a0=AT_FDCWD a1=0x564aba690910 a2=0x564aba690880 a3=0x100 items=1 ppid=1477 pid=1479 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rm exe=/usr/bin/rm subj=system_u:system_r:rpmdb_t:s0 key=(null)
type=AVC msg=audit(01/31/2023 11:56:27.553:501) : avc: denied { read } for pid=1479 comm=rm name=rpm dev="vda2" ino=563 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=lnk_file permissive=1
----
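Added example (not part of the bug report and not the selinux-policy fix): a small parser that groups the AVC records posted above by source type, target type and class, and separates what enforcing mode logged from what the permissive run revealed. The function names `summarize`, `hidden_by_enforcing` and `allow_rules` are hypothetical, and the printed rules only imitate the `allow` syntax that audit2allow emits, as material for policy review.

```python
import re
from collections import defaultdict

# AVC records copied from the audit output posted in this report; the PROCTITLE,
# PATH, CWD and SYSCALL records are left out. Record 490 is the enforcing-mode run.
SAMPLE = """\
type=AVC msg=audit(01/31/2023 11:49:43.819:490) : avc: denied { map } for pid=1442 comm=rpmdb_migrate path=/usr/bin/bash dev="vda2" ino=139964 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(01/31/2023 11:56:27.532:494) : avc: denied { execute } for pid=1477 comm=rpmdb_migrate path=/usr/bin/bash dev="vda2" ino=139964 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.532:494) : avc: denied { map } for pid=1477 comm=rpmdb_migrate path=/usr/bin/bash dev="vda2" ino=139964 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.537:495) : avc: denied { getattr } for pid=1478 comm=rpmdb_migrate path=/usr/bin/rpm dev="vda2" ino=158893 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.538:497) : avc: denied { execute_no_trans } for pid=1478 comm=rpmdb_migrate path=/usr/bin/rpm dev="vda2" ino=158893 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.549:498) : avc: denied { getattr } for pid=1477 comm=rpmdb_migrate path=/var/lib/rpm dev="vda2" ino=563 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=lnk_file permissive=1
type=AVC msg=audit(01/31/2023 11:56:27.553:501) : avc: denied { read } for pid=1479 comm=rm name=rpm dev="vda2" ino=563 scontext=system_u:system_r:rpmdb_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=lnk_file permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
    r"(?:\s+permissive=(?P<mode>[01]))?"
)

def se_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (source type, target type, class, permissive?) to denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # a missing permissive= field is counted as enforcing
            key = (se_type(m["s"]), se_type(m["t"]), m["cls"], m["mode"] == "1")
            rules[key].update(m["perms"].split())
    return rules

def hidden_by_enforcing(rules):
    """Permissions that only the permissive-mode run revealed."""
    enforcing, permissive = defaultdict(set), defaultdict(set)
    for (s, t, c, is_permissive), perms in rules.items():
        bucket = permissive if is_permissive else enforcing
        bucket[(s, t, c)] |= perms
    return {k: v - enforcing[k] for k, v in permissive.items() if v - enforcing[k]}

def allow_rules(rules):
    """Render the merged denials as allow-style lines, sorted for review."""
    merged = defaultdict(set)
    for (s, t, c, _), perms in rules.items():
        merged[(s, t, c)] |= perms
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print("only visible in permissive mode:", hidden_by_enforcing(summary))
    print("\n".join(allow_rules(summary)))
```

On this excerpt the enforcing run accounts for only the `map` denial on `shell_exec_t`; every other permission shows up only once the domain is permissive, which is why the setroubleshoot alert alone understates what `rpmdb_t` was missing.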
Similar problem has been detected:

This happened on first boot after upgrading from f36 to f37. It (possibly) results in:

rpmdb-migrate.service - RPM database migration to /usr
     Loaded: loaded (/usr/lib/systemd/system/rpmdb-migrate.service; enabled; preset: enabled)
     Active: failed (Result: signal) since Wed 2023-02-01 21:26:51 CET; 5min ago
    Process: 10654 ExecStart=/usr/lib/rpm/rpmdb_migrate (code=killed, signal=SEGV)
   Main PID: 10654 (code=killed, signal=SEGV)
        CPU: 1ms

Feb 01 21:26:51 fedora systemd[1]: Starting rpmdb-migrate.service - RPM database migration to /usr...
Feb 01 21:26:51 fedora systemd[1]: rpmdb-migrate.service: Main process exited, code=killed, status=11/SEGV
Feb 01 21:26:51 fedora systemd[1]: rpmdb-migrate.service: Failed with result 'signal'.
Feb 01 21:26:51 fedora systemd[1]: Failed to start rpmdb-migrate.service - RPM database migration to /usr.

hashmarkername: setroubleshoot
kernel: 6.1.8-200.fc37.x86_64
package: selinux-policy-targeted-37.18-1.fc37.noarch
reason: SELinux is preventing rpmdb_migrate from 'map' accesses on the Datei /usr/bin/bash.
type: libreport
*** Bug 2166897 has been marked as a duplicate of this bug. ***
*** Bug 2166633 has been marked as a duplicate of this bug. ***
FEDORA-2023-7bf3639a5d has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-7bf3639a5d
FEDORA-2023-7bf3639a5d has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-7bf3639a5d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-7bf3639a5d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Pushed update fixes the problem for me. Thank you!
FEDORA-2023-7bf3639a5d has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.
*** Bug 2173363 has been marked as a duplicate of this bug. ***
*** Bug 2174567 has been marked as a duplicate of this bug. ***
*** Bug 2173952 has been marked as a duplicate of this bug. ***
This needs fixing on F38. Proposing as a Final blocker as a violation of Final criterion "All system services present after installation with one of the release-blocking package sets must start properly, unless they require hardware which is not present" together with Beta requirement "The upgraded system must meet all release criteria" - https://fedoraproject.org/wiki/Fedora_38_Beta_Release_Criteria#Upgrade_requirements and https://fedoraproject.org/wiki/Fedora_38_Final_Release_Criteria#System_services . Also proposing as a Beta FE as it would be good to ensure this migration works correctly for upgrades performed during the Beta freeze.
+3 in https://pagure.io/fedora-qa/blocker-review/issue/1066 , marking accepted FE.
FEDORA-2023-eaebcb91e7 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-eaebcb91e7
This is fixed for me with https://bodhi.fedoraproject.org/updates/FEDORA-2023-eaebcb91e7
FEDORA-2023-eaebcb91e7 has been pushed to the Fedora 38 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-eaebcb91e7 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
*** Bug 2175539 has been marked as a duplicate of this bug. ***
FEDORA-2023-eaebcb91e7 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.