SELinux is preventing nfsidmap from connectto access on the unix_stream_socket /run/systemd/userdb/io.systemd.Home. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that nfsidmap should be allowed connectto access on the io.systemd.Home unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'nfsidmap' --raw | audit2allow -M my-nfsidmap # semodule -X 300 -i my-nfsidmap.pp Additional Information: Source Context system_u:system_r:nfsidmap_t:s0 Target Context system_u:system_r:init_t:s0 Target Objects /run/systemd/userdb/io.systemd.Home [ unix_stream_socket ] Source nfsidmap Source Path nfsidmap Port <Unknown> Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-40.17-1.fc40.noarch Local Policy RPM selinux-policy-targeted-40.17-1.fc40.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Platform Linux linux-ws1 6.8.9-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 18:59:06 UTC 2024 x86_64 Alert Count 121 First Seen 2024-05-04 17:01:36 CDT Last Seen 2024-05-10 10:06:28 CDT Local ID fba84eda-bc22-4703-8da8-9f2b3028c200 Raw Audit Messages type=AVC msg=audit(1715353588.747:526): avc: denied { connectto } for pid=25014 comm="nfsidmap" path="/run/systemd/userdb/io.systemd.Home" scontext=system_u:system_r:nfsidmap_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket permissive=0 Hash: nfsidmap,nfsidmap_t,init_t,unix_stream_socket,connectto This is similar to: https://bugzilla.redhat.com/show_bug.cgi?id=2278554 with that fix posted to https://github.com/fedora-selinux/selinux-policy/pull/2096
FEDORA-2024-57abd84015 (selinux-policy-40.19-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-57abd84015
FEDORA-2024-57abd84015 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-57abd84015` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-57abd84015 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-8c0636295a has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-8c0636295a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-8c0636295a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-8c0636295a (selinux-policy-40.20-1.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.