On Thu, 16 Mar 2023 10:32:27 +0100 Patrick Dupre pdupre@gmx.com wrote:
I get the following SELinux security alert which seems to be difficult to fix because of the number of things to do.
There is really only one thing to do, just run the two commands with the proper selinux context selected as filetype. I think you were overwhelmed by the choices.
Do # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid' where FILE_TYPE is the correct context from the list. Then execute: restorecon -v '/var/usermin/miniserv.pid'
Is there a simple thing that I could do?
[snip]
The earlier suggestion was to assign it to the proper selinux context from the list, but I think that this is something you installed, and so it doesn't have a correct context. The below is a direct workaround. It is bypassing selinux for this file, and saying it is OK on your say so.
***** Plugin catchall (17.1 confidence) suggests
If you believe that systemd should be allowed open access on the miniserv.pid file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp