Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Description of problem:
SELinux is preventing (fwupd) from 'mounton' accesses on the directory /var/lib/fwupd.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that (fwupd) should be allowed mounton access on the fwupd directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '(fwupd)' --raw | audit2allow -M my-fwupd
# semodule -X 300 -i my-fwupd.pp
Additional Information:
Source Context system_u:system_r:init_t:s0
Target Context system_u:object_r:fwupd_var_lib_t:s0
Target Objects /var/lib/fwupd [ dir ]
Source (fwupd)
Source Path (fwupd)
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages fwupd-0.8.1-1.fc26.x86_64
Policy RPM selinux-policy-3.13.1-246.fc27.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 4.10.0-1.fc26.x86_64 #1 SMP Mon
Feb 20 14:51:52 UTC 2017 x86_64 x86_64
Alert Count 2
First Seen 2017-03-20 10:43:44 CET
Last Seen 2017-03-20 10:55:51 CET
Local ID 831971bb-c404-406b-bd08-3da3518154b4
Raw Audit Messages
type=AVC msg=audit(1490003751.568:239): avc: denied { mounton } for pid=2550 comm="(fwupd)" path="/var/lib/fwupd" dev="dm-1" ino=930750 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fwupd_var_lib_t:s0 tclass=dir permissive=0
Hash: (fwupd),init_t,fwupd_var_lib_t,dir,mounton
Version-Release number of selected component:
selinux-policy-3.13.1-246.fc27.noarch
Additional info:
component: selinux-policy
reporter: libreport-2.9.1
hashmarkername: setroubleshoot
kernel: 4.10.0-1.fc26.x86_64
type: libreport
Potential duplicate: bug 1432759
I don't remember to have this issue recently.
$ rpm -q selinux-policy
selinux-policy-3.13.1-252.fc27.noarch
*** This bug has been marked as a duplicate of bug 1429341 ***
Description of problem: SELinux is preventing (fwupd) from 'mounton' accesses on the directory /var/lib/fwupd. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that (fwupd) should be allowed mounton access on the fwupd directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c '(fwupd)' --raw | audit2allow -M my-fwupd # semodule -X 300 -i my-fwupd.pp Additional Information: Source Context system_u:system_r:init_t:s0 Target Context system_u:object_r:fwupd_var_lib_t:s0 Target Objects /var/lib/fwupd [ dir ] Source (fwupd) Source Path (fwupd) Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages fwupd-0.8.1-1.fc26.x86_64 Policy RPM selinux-policy-3.13.1-246.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.10.0-1.fc26.x86_64 #1 SMP Mon Feb 20 14:51:52 UTC 2017 x86_64 x86_64 Alert Count 2 First Seen 2017-03-20 10:43:44 CET Last Seen 2017-03-20 10:55:51 CET Local ID 831971bb-c404-406b-bd08-3da3518154b4 Raw Audit Messages type=AVC msg=audit(1490003751.568:239): avc: denied { mounton } for pid=2550 comm="(fwupd)" path="/var/lib/fwupd" dev="dm-1" ino=930750 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fwupd_var_lib_t:s0 tclass=dir permissive=0 Hash: (fwupd),init_t,fwupd_var_lib_t,dir,mounton Version-Release number of selected component: selinux-policy-3.13.1-246.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.10.0-1.fc26.x86_64 type: libreport Potential duplicate: bug 1432759