> > On 2022-07-12 01:02, Patrick Dupre wrote: > > I do not how to deal wit this issue: in fc34 and fc36. > > > > SELinux security alert recommend the following: > > > > You need to change the label on /var/usermin/miniserv.pid > > # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid' > > where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, > > NetworkManager_etc_t, NetworkManager_exec_t, > > etc... > > a long list of FILE_TYPE > > > > Which one should I choose? > > That doesn't appear to be an application that comes from a Fedora > package. Where did you get it from? You should probably ask them about it. You are right, it come from usermin
> > Also, what is the full message you received? You don't need to include > the entire FILE_TYPE list. You need to change the label on /var/usermin/miniserv.pid # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid' where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, NetworkManager_exec_t, ...... zoneminder_var_run_t, zos_remote_exec_t. Then execute: restorecon -v '/var/usermin/miniserv.pid' The other recommendation is SELinux is preventing systemd from read access on the file /var/usermin/miniserv.pid. Plugin: catchall SELinux denied access requested by systemd. It is not expected that this access is required by systemd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. If you believe that systemd should be allowed read access on the miniserv.pid file by default. You should report this as a bug. You can generate a local policy module to allow this access. Allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp But running ausearch -c 'systemd' --raw | audit2allow -M my-systemd and semodule -X 300 -i my-systemd.pp does not help. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
