On Sat, 4 Jan 2020 09:51:56 +0100 Lukas Vrabec <lvrabec@xxxxxxxxxx> wrote: > On 12/22/19 10:15 AM, Manfred Lotz wrote: > > Hi there, > > Running Fedora 31 and SELinux still in permissive mode I got > > > > Hi, > > What is the version of selinux-policy package installed on your > system? > > # rpm -q selinux-policy > selinux-policy-3.14.4-43.fc31 installed on December 13. > You can also update selinux-policy package: > > # dnf update selinux-policy > > "setrlimit" permission should be already allowed in F31 selinux-policy > package. (selinux-policy-3.14.4-37.fc31.noarch +) > > Could you please update the package and try to reproduce your issue > again? > Funny is that directly after the last reboot SELinux is preventing systemctl from using the sys_resource capability. showed up again. sealeart shows: type=AVC msg=audit(1577999374.574:304): avc: denied { sys_resource } for pid=1930 comm="systemctl" capability=24 scontext=system_u:system_r:cockpit_ws_t:s0 tcontext=system_u:system_r:cockpit_ws_t:s0 tclass=capability permissive=1 After that it didn't show again. -- Manfred _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx