Description of problem: Firefox asked me for permission to give my geo location to a web site, I agreed, got the AVC. SELinux is preventing pool-1 from 'read' accesses on the file no-stub-resolv.conf. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pool-1 should be allowed read access on the no-stub-resolv.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pool-1' --raw | audit2allow -M my-pool1 # semodule -X 300 -i my-pool1.pp Additional Information: Source Context system_u:system_r:geoclue_t:s0 Target Context system_u:object_r:NetworkManager_var_run_t:s0 Target Objects no-stub-resolv.conf [ file ] Source pool-1 Source Path pool-1 Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-42.3-1.fc42.noarch Local Policy RPM selinux-policy-targeted-42.3-1.fc42.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.15.8-200.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jul 24 13:26:52 UTC 2025 x86_64 Alert Count 1 First Seen 2025-08-04 22:16:26 EDT Last Seen 2025-08-04 22:16:26 EDT Local ID d78c460b-fccb-4c6d-aa03-a31c14907dc0 Raw Audit Messages type=AVC msg=audit(1754360186.558:694): avc: denied { read } for pid=135323 comm="pool-1" name="no-stub-resolv.conf" dev="tmpfs" ino=6508 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file permissive=0 Hash: pool-1,geoclue_t,NetworkManager_var_run_t,file,read Version-Release number of selected component: selinux-policy-targeted-42.3-1.fc42.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing pool-1 from 'read' accesses on the file no-stub-resolv.conf. package: selinux-policy-targeted-42.3-1.fc42.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.15.8-200.fc42.x86_64 comment: Firefox asked me for permission to give my geo location to a web site, I agreed, got the AVC. component: selinux-policy
Created attachment 2102683 [details] File: description
Created attachment 2102684 [details] File: os_info
FEDORA-2025-dde3c4a0f1 (selinux-policy-42.5-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-dde3c4a0f1
FEDORA-2025-dde3c4a0f1 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-dde3c4a0f1` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-dde3c4a0f1 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-dde3c4a0f1 (selinux-policy-42.5-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.