Description of problem: This occurred soon after https://bugzilla.redhat.com/show_bug.cgi?id=2461082#c0 did. SELinux is preventing /usr/bin/pasta from 'write' accesses on the file /home/RokeJulianLockhart/lockfile. ***** Plugin leaks (86.2 confidence) suggests ***************************** If you want to ignore pasta trying to write access the lockfile file, because you believe it should not need this access. Then you should report this as a bug. You can generate a local policy module to dontaudit this access. Do # ausearch -x /usr/bin/pasta --raw | audit2allow -D -M my-pasta # semodule -X 300 -i my-pasta.pp ***** Plugin catchall (14.7 confidence) suggests ************************** If you believe that pasta should be allowed write access on the lockfile file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pasta' --raw | audit2allow -M my-pasta # semodule -X 300 -i my-pasta.pp Additional Information: Source Context unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_home_t:s0 Target Objects /home/RokeJulianLockhart/lockfile [ file ] Source pasta Source Path /usr/bin/pasta Port <Unknown> Host (removed) Source RPM Packages passt-0^20260120.g386b5f5-1.fc43.x86_64 Target RPM Packages SELinux Policy RPM selinux-policy-targeted-43.6-1.fc43.noarch Local Policy RPM Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 6.19.12-200.fc43.x86_64 #1 SMP PREEMPT_DYNAMIC Sun Apr 12 15:26:33 UTC 2026 x86_64 Alert Count 1 First Seen 2026-04-23 10:27:12 BST Last Seen 2026-04-23 10:27:12 BST Local ID 0ec72c70-8f6d-4797-b20a-6229973b39bd Raw Audit Messages type=AVC msg=audit(1776936432.580:444): avc: denied { write } for pid=28006 comm="pasta" path="/home/RokeJulianLockhart/lockfile" dev="nvme1n1p4" ino=64053062 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 type=SYSCALL msg=audit(1776936432.580:444): arch=x86_64 syscall=execve success=yes exit=0 a0=c00080a0b0 a1=c00086a000 a2=c0001f0388 a3=0 items=2 ppid=27953 pid=28006 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=2 comm=pasta exe=/usr/bin/pasta subj=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 key=(null) type=CWD msg=audit(1776936432.580:444): cwd=/home/RokeJulianLockhart type=PATH msg=audit(1776936432.580:444): item=0 name=/usr/bin/pasta inode=14454352 dev=00:22 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:pasta_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=PATH msg=audit(1776936432.580:444): item=1 name=/lib64/ld-linux-x86-64.so.2 inode=18353458 dev=00:22 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 Hash: pasta,pasta_t,user_home_t,file,write Version-Release number of selected component: selinux-policy-targeted-43.6-1.fc43.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing /usr/bin/pasta from 'write' accesses on the file /home/RokeJulianLockhart/lockfile. package: selinux-policy-targeted-43.6-1.fc43.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.19.12-200.fc43.x86_64 event_log: 2026-04-23-10:27:47> Looking for similar problems in bugzilla comment: This occurred when https://bugzilla.redhat.com/show_bug.cgi?id=2461082#c0 did. component: selinux-policy
Created attachment 2137991 [details] File: description
Created attachment 2137992 [details] File: os_info
switching the component no system service though should access files with user types