Description of problem: 1) perform an update with dnf5 `sudo dnf5 upgrade --allowerasing --best` 2) encounter selinux errors for updating a policy with systemd I also was encountering issues with `snapd` at the same time that I had to create a new policy for This is after an upgrade from F37 KDE to F38 KDE SELinux is preventing systemd from 'map' accesses on the file /etc/selinux/targeted/policy/policy.33. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow any process to mmap any file on system with attribute file_type. Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean. Do setsebool -P domain_can_mmap_files 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that systemd should be allowed map access on the policy.33 file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:semanage_store_t:s0 Target Objects /etc/selinux/targeted/policy/policy.33 [ file ] Source systemd Source Path systemd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages selinux-policy-targeted-38.12-1.fc38.noarch SELinux Policy RPM selinux-policy-targeted-38.12-1.fc38.noarch Local Policy RPM selinux-policy-targeted-38.12-1.fc38.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.2.13-300.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 27 01:33:30 UTC 2023 x86_64 Alert Count 2 First Seen 2023-04-30 07:35:39 CDT Last Seen 2023-04-30 07:35:42 CDT Local ID 56b06a65-9a76-4afa-8258-a282745fed5e Raw Audit Messages type=AVC msg=audit(1682858142.276:384): avc: denied { map } for pid=1 comm="systemd" path="/etc/selinux/targeted/policy/policy.33" dev="nvme0n1p5" ino=16000572 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=file permissive=0 Hash: systemd,init_t,semanage_store_t,file,map Version-Release number of selected component: selinux-policy-targeted-38.12-1.fc38.noarch Additional info: reporter: libreport-2.17.9 reason: SELinux is preventing systemd from 'map' accesses on the file /etc/selinux/targeted/policy/policy.33. package: selinux-policy-targeted-38.12-1.fc38.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.2.13-300.fc38.x86_64 component: selinux-policy
Created attachment 1961179 [details] File: description
Created attachment 1961180 [details] File: os_info
*** This bug has been marked as a duplicate of bug 2192059 ***