On Sat, 4 Jan 2020 09:51:56 +0100
Lukas Vrabec <lvrabec(a)redhat.com> wrote:
On 12/22/19 10:15 AM, Manfred Lotz wrote:
> Hi there,
> Running Fedora 31 and SELinux still in permissive mode I got
>
Hi,
What is the version of selinux-policy package installed on your
system?
# rpm -q selinux-policy
selinux-policy-3.14.4-43.fc31 installed on December 13.
You can also update selinux-policy package:
# dnf update selinux-policy
"setrlimit" permission should be already allowed in F31 selinux-policy
package. (selinux-policy-3.14.4-37.fc31.noarch +)
Could you please update the package and try to reproduce your issue
again?
Funny is that directly after the last reboot
SELinux is preventing systemctl from using the sys_resource
capability.
showed up again.
sealeart shows:
type=AVC msg=audit(1577999374.574:304): avc: denied { sys_resource } for pid=1930
comm="systemctl" capability=24
scontext=system_u:system_r:cockpit_ws_t:s0
tcontext=system_u:system_r:cockpit_ws_t:s0 tclass=capability permissive=1
After that it didn't show again.
--
Manfred