Description of problem:
SELinux is preventing /usr/libexec/openssh/sshd-session from 'unlink' accesses on the file /var/lib/lastlog/lastlog2.db-journal.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow sshd-session to have unlink access on the lastlog2.db-journal file
Then you need to change the label on /var/lib/lastlog/lastlog2.db-journal
Do
# semanage fcontext -a -t FILE_TYPE '/var/lib/lastlog/lastlog2.db-journal'
where FILE_TYPE is one of the following: abrt_var_cache_t, auth_cache_t, auth_home_t, cgroup_memory_pressure_t, cgroup_t, faillog_t, gitosis_var_lib_t, gkeyringd_tmp_t, krb5_host_rcache_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, openshift_tmp_t, pam_var_run_t, ssh_home_t, sshd_var_run_t, systemd_passwd_var_run_t, user_tmp_t, var_auth_t.
Then execute:
restorecon -v '/var/lib/lastlog/lastlog2.db-journal'

*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that sshd-session should be allowed unlink access on the lastlog2.db-journal file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'sshd-session' --raw | audit2allow -M my-sshdsession
# semodule -X 300 -i my-sshdsession.pp

Additional Information:
Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                /var/lib/lastlog/lastlog2.db-journal [ file ]
Source                        sshd-session
Source Path                   /usr/libexec/openssh/sshd-session
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           openssh-server-10.0p1-4.fc43.x86_64
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-42.1-1.fc43.noarch
Local Policy RPM              selinux-policy-targeted-42.1-1.fc43.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.16.0-0.rc6.250715g155a3c003e55.53.fc43.x86_64+debug #1 SMP PREEMPT_DYNAMIC Wed Jul 16 10:58:51 UTC 2025 x86_64
Alert Count                   2
First Seen                    2025-07-20 13:55:37 +05
Last Seen                     2025-07-21 23:59:36 +05
Local ID                      6a79a6df-acc3-4b7e-ba26-b2aa19d51a19

Raw Audit Messages
type=AVC msg=audit(1753124376.17:3391): avc: denied { unlink } for pid=318538 comm="sshd-session" name="lastlog2.db-journal" dev="nvme0n1p3" ino=160503672 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1

type=SYSCALL msg=audit(1753124376.17:3391): arch=x86_64 syscall=unlink success=yes exit=0 a0=55e8e91904f2 a1=55e8e91904f2 a2=0 a3=0 items=2 ppid=1804 pid=318538 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm=sshd-session exe=/usr/libexec/openssh/sshd-session subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

type=CWD msg=audit(1753124376.17:3391): cwd=/

type=PATH msg=audit(1753124376.17:3391): item=0 name=/var/lib/lastlog/ inode=153686313 dev=00:23 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_lib_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0

type=PATH msg=audit(1753124376.17:3391): item=1 name=/var/lib/lastlog/lastlog2.db-journal inode=160503672 dev=00:23 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_lib_t:s0 nametype=DELETE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0

Hash: sshd-session,sshd_t,var_lib_t,file,unlink

Version-Release number of selected component:
selinux-policy-targeted-42.1-1.fc43.noarch

Additional info:
reporter:       libreport-2.17.15
reason:         SELinux is preventing /usr/libexec/openssh/sshd-session from 'unlink' accesses on the file /var/lib/lastlog/lastlog2.db-journal.
package:        selinux-policy-targeted-42.1-1.fc43.noarch
component:      selinux-policy
hashmarkername: setroubleshoot
type:           libreport
kernel:         6.16.0-0.rc6.250715g155a3c003e55.53.fc43.x86_64+debug
component:      selinux-policy

Created attachment 2097882
File: description

Created attachment 2097883
File: os_info

*** This bug has been marked as a duplicate of bug 2379871 ***