Description of problem: This started happening after upgrading F39 to F40. Didn't happen on F39. It seems to happen regularly when virt-manager is running. SELinux is preventing rpc-virtqemud from 'getattr' accesses on the filesystem /. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that rpc-virtqemud should be allowed getattr access on the filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'rpc-virtqemud' --raw | audit2allow -M my-rpcvirtqemud # semodule -X 300 -i my-rpcvirtqemud.pp Additional Information: Source Context system_u:system_r:virtqemud_t:s0 Target Context system_u:object_r:fs_t:s0 Target Objects / [ filesystem ] Source rpc-virtqemud Source Path rpc-virtqemud Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-40.15-1.fc40.noarch Local Policy RPM selinux-policy-targeted-40.15-1.fc40.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.8.1-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 20 04:39:30 UTC 2024 x86_64 Alert Count 3 First Seen 2024-03-27 14:18:08 CET Last Seen 2024-03-27 14:20:03 CET Local ID 903f43fa-37c0-418e-b5fb-b20a2abd5fa4 Raw Audit Messages type=AVC msg=audit(1711545603.763:248): avc: denied { getattr } for pid=3395 comm="rpc-virtqemud" name="/" dev="dm-0" ino=256 scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=1 Hash: rpc-virtqemud,virtqemud_t,fs_t,filesystem,getattr Version-Release number of selected component: selinux-policy-targeted-40.15-1.fc40.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing rpc-virtqemud from 'getattr' accesses on the filesystem /. package: selinux-policy-targeted-40.15-1.fc40.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.8.1-300.fc40.x86_64 comment: This started happening after upgrading F39 to F40. Didn't happen on F39. It seems to happen regularly when virt-manager is running. component: selinux-policy
Created attachment 2023835 [details] File: description
Created attachment 2023836 [details] File: os_info
*** Bug 2277197 has been marked as a duplicate of this bug. ***
*** Bug 2276957 has been marked as a duplicate of this bug. ***
*** Bug 2275414 has been marked as a duplicate of this bug. ***
*** Bug 2271079 has been marked as a duplicate of this bug. ***
FEDORA-2024-759c80369d (selinux-policy-40.18-2.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-759c80369d
FEDORA-2024-759c80369d has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-759c80369d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-759c80369d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-759c80369d (selinux-policy-40.18-2.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.