Description of problem: SELinux is preventing (sd-parse-elf) from 'mounton' accesses on the directory /. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that (sd-parse-elf) should be allowed mounton access on the directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(sd-parse-elf)' --raw | audit2allow -M my-sdparseelf # semodule -X 300 -i my-sdparseelf.pp Additional Information: Source Context system_u:system_r:systemd_coredump_t:s0 Target Context system_u:object_r:tmpfs_t:s0 Target Objects / [ dir ] Source (sd-parse-elf) Source Path (sd-parse-elf) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-41.34-1.fc42.noarch Local Policy RPM selinux-policy-targeted-41.34-1.fc42.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.14.0-63.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Mar 24 19:53:37 UTC 2025 x86_64 Alert Count 1 First Seen 2025-07-03 03:41:03 UTC Last Seen 2025-07-03 03:41:03 UTC Local ID 9b8d73cf-1d57-44e6-9d5a-33ac6e76b559 Raw Audit Messages type=AVC msg=audit(1751514063.987:201): avc: denied { mounton } for pid=4828 comm="(sd-parse-elf)" path="/" dev="overlay" ino=2 scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir permissive=0 Hash: (sd-parse-elf),systemd_coredump_t,tmpfs_t,dir,mounton Version-Release number of selected component: selinux-policy-targeted-41.34-1.fc42.noarch Additional info: reporter: libreport-2.17.15 kernel: 6.14.0-63.fc42.x86_64 type: libreport hashmarkername: setroubleshoot component: selinux-policy package: selinux-policy-targeted-41.34-1.fc42.noarch reason: SELinux is preventing (sd-parse-elf) from 'mounton' accesses on the directory /. component: selinux-policy
Created attachment 2096001 [details] File: os_info
Created attachment 2096002 [details] File: description
Hi, Is there any special setup needed to trigger this denial?
FEDORA-2025-42c191342a (selinux-policy-42.1-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-42c191342a
FEDORA-2025-42c191342a has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-42c191342a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-42c191342a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Sorry for the wait in response. I am unsure how it can be triggered. I am currently learning more about basic tasks from the Linux Bible and trying to absorb as much as possible. My laptop lost power and the issue happened after rebooting when I had restarted the machine. A further restart seemed to solve the issue. Thank you.
FEDORA-2025-42c191342a (selinux-policy-42.1-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.