On Wed, Nov 19, 2025, at 8:04 AM, François Patte wrote: > Le 19/11/2025 à 16:35, Earl Ramirez a écrit : >> >> On Wed, 19 Nov 2025 at 10:25, François Patte <[email protected]> wrote: >>> Bonjour, >>> >>> Every day I have a selinux alert : >>> >>> SELinux interdit à perl d'utiliser les accès « read, open » sur le fichier >>> /usr/bin/dnf5. >>> >>> SELinux prohibits perl from using “read, open” access on the file >>> /usr/bin/dnf5. >>> >> Bonjour, >> >> There are a few things you can do to see why because without the alert it >> would be difficult for us to provide details >> >> sudo ausearch -m avc -ts recent (this will show you details about the >> denials) > <no matches> >> sudo sealert -a /var/log/audit/audit.log (tell you what is wrong and what to >> do to fix it) >> > Messages d'audit bruts > type=AVC msg=audit(1763544902.387:278): avc: denied { read open } for > pid=10429 comm="perl" path="/usr/bin/dnf5" dev="dm-0" ino=554392 > scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0 > > > Hash: perl,logwatch_t,rpm_exec_t,file,read,open
Looks like this is the same issue I had where logwatch would not show the dnf updates from the previous day if SELinux was enforcing. It took 3 or 4 days worth of adding the auto-suggested allows and it finally worked as expected. On the 2nd or 3rd day I simply set SELinux to permissive mode so that the logwatch stuff would work and only turned it back to enforcing once there the alerts/stoppages had been fully addressed. -- _______________________________________________ users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
