Bug 2297933 - selinux blocks upsmon (nut-monitor.service) from sending wall messages
Summary: selinux blocks upsmon (nut-monitor.service) from sending wall messages
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 40
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-07-15 12:13 UTC by Matt Kinni
Modified: 2024-10-08 01:38 UTC

Fixed In Version: selinux-policy-40.28-1.fc40
Clone Of:
Environment:
Last Closed: 2024-10-08 01:38:35 UTC
Type: ---
Embargoed:


Links
Github fedora-selinux/selinux-policy pull 2339 (status: open, last updated 2024-09-02 19:46:37 UTC): "Allow nut-upsmon read systemd-logind session files"

Description Matt Kinni 2024-07-15 12:13:06 UTC
These avc denials are logged when nut-monitor attempts to broadcast wall messages in response to a UPS going online/offline (which is the default notification action in /etc/ups/upsmon.conf)

Jul 15 04:53:07 cipix nut-monitor[20084]: UPS OfficeMain@localhost on battery
Jul 15 04:53:07 cipix audit[22200]: AVC avc:  denied  { read } for  pid=22200 comm="wall" name="sessions" dev="tmpfs" ino=94 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_login>
Jul 15 04:53:07 cipix audit[22200]: AVC avc:  denied  { read } for  pid=22200 comm="wall" name="2" dev="tmpfs" ino=3010 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_ses>
Jul 15 04:53:07 cipix audit[22200]: AVC avc:  denied  { open } for  pid=22200 comm="wall" path="/run/systemd/sessions/2" dev="tmpfs" ino=3010 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:objec>
Jul 15 04:53:07 cipix audit[22200]: AVC avc:  denied  { getattr } for  pid=22200 comm="wall" path="/run/systemd/sessions/2" dev="tmpfs" ino=3010 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:ob>

Detail of one of these:
Additional Information:
Source Context                system_u:system_r:nut_upsmon_t:s0
Target Context                system_u:object_r:systemd_logind_sessions_t:s0
Target Objects                /run/systemd/sessions/2 [ file ]
Source                        wall
Source Path                   wall
Port                          <Unknown>
Host                          cipix
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-40.23-1.fc40.noarch
Local Policy RPM              selinux-policy-targeted-40.23-1.fc40.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     cipix
Platform                      Linux cipix 6.9.5-200.fc40.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Sun Jun 16 15:47:09 UTC 2024
                              x86_64
Alert Count                   2
First Seen                    2024-07-15 04:53:07 MST
Last Seen                     2024-07-15 04:54:02 MST
Local ID                      0ff7fcde-6761-4867-8100-4bb5c8e847a7


Reproducible: Always

Comment 1 Zdenek Pytela 2024-07-15 13:40:48 UTC
Matt,

Can you include untruncated audit logs or ausearch output?

ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today

Comment 2 Matt Kinni 2024-08-25 22:10:37 UTC
Hello, apologies for not responding until now; I lost sight of this. Here is the output from my system, which is now running selinux-policy-targeted-40.26-1.fc40.noarch:


$>ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
----
type=AVC msg=audit(08/25/24 15:08:31.976:201) : avc:  denied  { read } for  pid=6543 comm=wall name=sessions dev="tmpfs" ino=1257 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=dir permissive=1 
----
type=AVC msg=audit(08/25/24 15:08:31.976:202) : avc:  denied  { read } for  pid=6543 comm=wall name=2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(08/25/24 15:08:31.976:203) : avc:  denied  { open } for  pid=6543 comm=wall path=/run/systemd/sessions/2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(08/25/24 15:08:31.976:204) : avc:  denied  { getattr } for  pid=6543 comm=wall path=/run/systemd/sessions/2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(08/25/24 15:08:51.971:210) : avc:  denied  { read } for  pid=6673 comm=wall name=sessions dev="tmpfs" ino=1257 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=dir permissive=1 
----
type=AVC msg=audit(08/25/24 15:08:51.971:211) : avc:  denied  { read } for  pid=6673 comm=wall name=2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(08/25/24 15:08:51.971:212) : avc:  denied  { open } for  pid=6673 comm=wall path=/run/systemd/sessions/2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(08/25/24 15:08:51.971:213) : avc:  denied  { getattr } for  pid=6673 comm=wall path=/run/systemd/sessions/2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1
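
As an added example (not code from this report or from the selinux-policy project), the following Python parses the ausearch output above and collapses the denials into the grouped allow rules a fix needs, in the shape audit2allow would print; the module name nut_upsmon_wall is a hypothetical placeholder. Note that every line carries permissive=1: the host was in permissive mode, so all four denials from one wall run are visible, whereas in enforcing mode only the first (the dir read on /run/systemd/sessions) would have been logged and wall would have stopped there, leaving the file rules undiscovered until the next iteration.

```python
import re
from collections import defaultdict

# Constructed sample: four of the ausearch -i lines from Comment 2 (one wall run).
SAMPLE_AVC = """\
type=AVC msg=audit(08/25/24 15:08:31.976:201) : avc:  denied  { read } for  pid=6543 comm=wall name=sessions dev="tmpfs" ino=1257 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=dir permissive=1
type=AVC msg=audit(08/25/24 15:08:31.976:202) : avc:  denied  { read } for  pid=6543 comm=wall name=2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1
type=AVC msg=audit(08/25/24 15:08:31.976:203) : avc:  denied  { open } for  pid=6543 comm=wall path=/run/systemd/sessions/2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1
type=AVC msg=audit(08/25/24 15:08:31.976:204) : avc:  denied  { getattr } for  pid=6543 comm=wall path=/run/systemd/sessions/2 dev="tmpfs" ino=3185 scontext=system_u:system_r:nut_upsmon_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)

def parse_avc(text):
    """Yield one record per AVC denial; non-AVC lines such as '----' are skipped."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["perms"] = set(d["perms"].split())
        d["stype"] = d["scontext"].split(":")[2]   # e.g. nut_upsmon_t
        d["ttype"] = d["tcontext"].split(":")[2]   # e.g. systemd_logind_sessions_t
        d["permissive"] = d["permissive"] == "1"   # logged only, not enforced
        yield d

def allow_rules(text):
    """Collapse denials into (source type, target type, class) -> sorted permissions."""
    rules = defaultdict(set)
    for d in parse_avc(text):
        rules[(d["stype"], d["ttype"], d["tclass"])] |= d["perms"]
    return {k: sorted(v) for k, v in rules.items()}

def render_te(text, module="nut_upsmon_wall", version="1.0"):
    """Render a minimal .te module (module name is a hypothetical placeholder)."""
    rules = allow_rules(text)
    types = sorted({t for s, t_, _ in rules for t in (s, t_)})
    classes = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        classes[cls] |= set(perms)
    out = [f"module {module} {version};", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (s, t, cls), perms in sorted(rules.items()):
        out.append(f"allow {s} {t}:{cls} {{ {' '.join(perms)} }};")
    return "\n".join(out)
```

Run `render_te(SAMPLE_AVC)` to get the module text; for a real system, feed it the full ausearch output and review each rule before building it with checkmodule/semodule_package, since the rules grant exactly what the logged process asked for.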

Comment 3 Fedora Update System 2024-10-02 18:44:18 UTC
FEDORA-2024-75212378ea (selinux-policy-40.28-1.fc40) has been submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-75212378ea

Comment 4 Fedora Update System 2024-10-03 03:38:15 UTC
FEDORA-2024-75212378ea has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-75212378ea`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-75212378ea

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2024-10-08 01:38:35 UTC
FEDORA-2024-75212378ea (selinux-policy-40.28-1.fc40) has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

