Description of problem: SELinux is preventing pmlogger from 'unlink' accesses on the sock_file pmlogger.117288.socket. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pmlogger should be allowed unlink access on the pmlogger.117288.socket sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pmlogger' --raw | audit2allow -M my-pmlogger # semodule -X 300 -i my-pmlogger.pp Additional Information: Source Context system_u:system_r:pcp_pmlogger_t:s0 Target Context system_u:object_r:var_run_t:s0 Target Objects pmlogger.117288.socket [ sock_file ] Source pmlogger Source Path pmlogger Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-40.17-1.fc40.noarch Local Policy RPM pcp-selinux-6.2.1-1.fc40.x86_64 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.8.7-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 19:21:08 UTC 2024 x86_64 Alert Count 2 First Seen 2024-05-01 00:10:02 CEST Last Seen 2024-05-01 00:10:03 CEST Local ID 41b39ed2-b7fa-4b57-8672-da1b9d7c10a9 Raw Audit Messages type=AVC msg=audit(1714515003.850:2620): avc: denied { unlink } for pid=117288 comm="pmlogger" name="pmlogger.117288.socket" dev="tmpfs" ino=12257 scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0 Hash: pmlogger,pcp_pmlogger_t,var_run_t,sock_file,unlink Version-Release number of selected component: selinux-policy-targeted-40.17-1.fc40.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing pmlogger from 'unlink' accesses on the sock_file pmlogger.117288.socket. package: selinux-policy-targeted-40.17-1.fc40.noarch component: pcp hashmarkername: setroubleshoot type: libreport kernel: 6.8.7-300.fc40.x86_64 component: pcp
Created attachment 2030387 [details] File: description
Created attachment 2030388 [details] File: os_info
FEDORA-2024-55a2b3f839 (pcp-6.3.0-2.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-55a2b3f839
The issue is still present on pcp-6.3.0-2.fc40 build (https://bodhi.fedoraproject.org/updates/FEDORA-2024-55a2b3f839). Installation logs still show the issue: https://artifacts.dev.testing-farm.io/90071766-58a4-492d-ba9c-13958892a874/work-installabilitymus_t6dh/installability/execute/data/guest/default-0/installability-2/output.txt
Ups, I am sorry for the noise. The reported selinux issues are coming from the old (not yet fixed) build of PCP during "yum update". So the new PCP build (pcp-6.3.0-2.fc40) fixes it.
FEDORA-2024-55a2b3f839 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-55a2b3f839` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-55a2b3f839 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-55a2b3f839 (pcp-6.3.0-2.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.