On Thu, 16 Mar 2023 10:32:27 +0100 Patrick Dupre <pdupre@xxxxxxx> wrote: > I get the following SELinux security alert which seems to be difficult > to fix because of the number of things to do. There is really only one thing to do, just run the two commands with the proper selinux context selected as filetype. I think you were overwhelmed by the choices. Do # semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid' where FILE_TYPE is the correct context from the list. Then execute: restorecon -v '/var/usermin/miniserv.pid' > Is there a simple thing that I could do? [snip] The earlier suggestion was to assign it to the proper selinux context from the list, but I think that this is something you installed, and so it doesn't have a correct context. The below is a direct workaround. It is bypassing selinux for this file, and saying it is OK on your say so. > ***** Plugin catchall (17.1 confidence) suggests > ************************** > > If you believe that systemd should be allowed open access on the > miniserv.pid file by default. Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # ausearch -c 'systemd' --raw | audit2allow -M my-systemd > # semodule -X 300 -i my-systemd.pp _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
