Description of problem: It begun with after installing Samba SELinux is preventing samba-dcerpcd from 'connectto' accesses on the unix_stream_socket /run/systemd/userdb/io.systemd.Machine. ***** Plugin catchall (100. confidence) suggests ************************** Se você acredita nisso samba-dcerpcd deve ser permitido connectto acesso no io.systemd.Machine unix_stream_socket por padrão. Then você deve informar que este é um erro. Você pode gerar um módulo de política local para permitir este acesso. Do permitir este acesso por agora executando: # ausearch -c 'samba-dcerpcd' --raw | audit2allow -M my-sambadcerpcd # semodule -X 300 -i my-sambadcerpcd.pp Additional Information: Source Context system_u:system_r:winbind_rpcd_t:s0 Target Context system_u:system_r:systemd_machined_t:s0 Target Objects /run/systemd/userdb/io.systemd.Machine [ unix_stream_socket ] Source samba-dcerpcd Source Path samba-dcerpcd Port <Desconhecido> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-38.12-1.fc38.noarch Local Policy RPM selinux-policy-targeted-38.12-1.fc38.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.2.15-300.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 17:37:39 UTC 2023 x86_64 Alert Count 12 First Seen 2023-05-21 02:06:55 -03 Last Seen 2023-05-21 02:13:22 -03 Local ID 32f2ad33-f5ae-489a-8c3f-d6c7632eea6a Raw Audit Messages type=AVC msg=audit(1684646002.435:1902): avc: denied { connectto } for pid=27491 comm="rpcd_winreg" path="/run/systemd/userdb/io.systemd.Machine" scontext=system_u:system_r:winbind_rpcd_t:s0 tcontext=system_u:system_r:systemd_machined_t:s0 tclass=unix_stream_socket permissive=0 Hash: samba-dcerpcd,winbind_rpcd_t,systemd_machined_t,unix_stream_socket,connectto Version-Release number of selected component: selinux-policy-targeted-38.12-1.fc38.noarch Additional info: reporter: libreport-2.17.10 comment: It begun with after installing Samba reason: SELinux is preventing samba-dcerpcd from 'connectto' accesses on the unix_stream_socket /run/systemd/userdb/io.systemd.Machine. type: libreport kernel: 6.2.15-300.fc38.x86_64 component: selinux-policy package: selinux-policy-targeted-38.12-1.fc38.noarch hashmarkername: setroubleshoot component: selinux-policy
Created attachment 1965985 [details] File: os_info
Created attachment 1965986 [details] File: description
Hi, Do you happen to know when exactly this denial appears? Have you made any related system changes which could trigger this issue? Can you also try if this fix is sufficient? f38# cat local_dcerpcd_machined.cil (allow winbind_rpcd_t systemd_machined_t (unix_stream_socket (connectto))) f38# semodule -i local_dcerpcd_machined.cil
*** Bug 2209664 has been marked as a duplicate of this bug. ***
FEDORA-2023-a19eb5132c has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-a19eb5132c
FEDORA-2023-a19eb5132c has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-a19eb5132c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-a19eb5132c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-a19eb5132c has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.