Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: I *think* this is something to do with geoclue. I cannot find "pool-2" binary on my system, it's possibly generated on the fly by the geoclue service. The AVC denial seems to happen once after every boot. Journal showing this just after before the AVC denial: systemd[1]: Started geoclue.service - Location Lookup Service. SELinux is preventing pool-2 from 'getattr' accesses on the filesystem /dev/shm. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pool-2 should be allowed getattr access on the shm filesystem by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pool-2' --raw | audit2allow -M my-pool2 # semodule -X 300 -i my-pool2.pp Additional Information: Source Context system_u:system_r:geoclue_t:s0 Target Context system_u:object_r:tmpfs_t:s0 Target Objects /dev/shm [ filesystem ] Source pool-2 Source Path pool-2 Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-42.4-1.fc42.noarch Local Policy RPM selinux-policy-targeted-42.4-1.fc42.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 6.15.9-201.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Aug 2 11:37:34 UTC 2025 x86_64 Alert Count 3 First Seen 2025-08-13 10:03:31 CEST Last Seen 2025-08-25 08:53:02 CEST Local ID ef84f57e-3578-4179-9088-213c5376804c Raw Audit Messages type=AVC msg=audit(1756104782.300:568): avc: denied { getattr } for pid=11732 comm="pool-2" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:geoclue_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 Hash: pool-2,geoclue_t,tmpfs_t,filesystem,getattr Version-Release number of selected component: selinux-policy-targeted-42.4-1.fc42.noarch Additional info: reporter: libreport-2.17.15 component: selinux-policy type: libreport hashmarkername: setroubleshoot package: selinux-policy-targeted-42.4-1.fc42.noarch kernel: 6.15.9-201.fc42.x86_64 reason: SELinux is preventing pool-2 from 'getattr' accesses on the filesystem /dev/shm. component: selinux-policy
Created attachment 2104638 [details] File: os_info
Created attachment 2104639 [details] File: description
FEDORA-2025-586ab05666 (selinux-policy-42.12-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-586ab05666
FEDORA-2025-586ab05666 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-586ab05666` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-586ab05666 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-586ab05666 (selinux-policy-42.12-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.