Description of problem: SELinux is preventing /usr/sbin/key.dns_resolver from 'setattr' accesses on the key Neznámé. ***** Plugin catchall (100. confidence) suggests ************************** Pokud jste přesvědčeni, že má key.dns_resolver mít ve výchozím stavu přístup setattr na Neznámé key. Then měli byste tento problém nahlásit jako chybu. Abyste přístup povolili, můžete vygenerovat lokální modul pravidel. Do prozatím tento přístup povolíte příkazy: # ausearch -c 'key.dns_resolve' --raw | audit2allow -M my-keydnsresolve # semodule -X 300 -i my-keydnsresolve.pp Additional Information: Source Context system_u:system_r:keyutils_dns_resolver_t:s0 Target Context system_u:system_r:kernel_t:s0 Target Objects Neznámé [ key ] Source key.dns_resolve Source Path /usr/sbin/key.dns_resolver Port <Neznámé> Host (removed) Source RPM Packages keyutils-1.6.3-1.fc39.x86_64 Target RPM Packages SELinux Policy RPM selinux-policy-targeted-39.5-1.fc39.noarch Local Policy RPM selinux-policy-targeted-39.5-1.fc39.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.8.8-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Apr 27 17:42:13 UTC 2024 x86_64 Alert Count 1 First Seen 2024-05-07 08:01:24 CEST Last Seen 2024-05-07 08:01:24 CEST Local ID 35a07f1b-ff98-4f4b-9098-3881253f31df Raw Audit Messages type=AVC msg=audit(1715061684.372:7918): avc: denied { setattr } for pid=394022 comm="key.dns_resolve" scontext=system_u:system_r:keyutils_dns_resolver_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=key permissive=0 type=SYSCALL msg=audit(1715061684.372:7918): arch=x86_64 syscall=keyctl success=yes exit=0 a0=f a1=27640980 a2=5 a3=559f237b02b4 items=0 ppid=381704 pid=394022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=key.dns_resolve exe=/usr/sbin/key.dns_resolver subj=system_u:system_r:keyutils_dns_resolver_t:s0 key=(null) Hash: key.dns_resolve,keyutils_dns_resolver_t,kernel_t,key,setattr Version-Release number of selected component: selinux-policy-targeted-39.5-1.fc39.noarch Additional info: reporter: libreport-2.17.11 component: selinux-policy kernel: 6.8.8-200.fc39.x86_64 hashmarkername: setroubleshoot reason: SELinux is preventing /usr/sbin/key.dns_resolver from 'setattr' accesses on the key Neznámé. package: selinux-policy-targeted-39.5-1.fc39.noarch type: libreport component: selinux-policy
Created attachment 2031792 [details] File: description
Created attachment 2031793 [details] File: os_info
*** This bug has been marked as a duplicate of bug 2272646 ***