SELinux is preventing /usr/lib/systemd/systemd-update-utmp from map access on the file /usr/lib/systemd/systemd.
dougsland opened this issue · 2 comments
dougsland commented
Apr 14 23:54:28 donald.medogz.local setroubleshoot[48705]: SELinux is preventing /usr/lib/systemd/systemd-update-utmp from map access on the file /usr/lib/systemd/systemd.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow any process to mmap any file on system with attribute file_type.
Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean.
You can read 'qm_selinux' man page for more details.
Do
setsebool -P domain_can_mmap_files 1
***** Plugin catchall (11.6 confidence) suggests **************************
If you believe that systemd-update-utmp should be allowed map access on the systemd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-update-' --raw | audit2allow -M my-systemdupdate
# semodule -X 300 -i my-systemdupdate.pp
dougsland commented
I have reproduced this one trying to start qm service with an incomplete setup script or not running a setup script after the rpm package is installed.
dougsland commented
I cannot see this error anymore in the recent source code of QM, closing. Let's reopen in case we see it again.