SELinux is preventing /usr/libexec/platform-python3.6 from add_name access on the directory hawkey.log
Issue
The /var/log/messages and audit.log files are spammed with messages:
[root@test]$ cat var/log/messages | grep "SELinux is preventing"
Apr 14 07:40:33 example setroubleshoot[257231]: SELinux is preventing /usr/libexec/platform-python3.6 from add_name access on the directory hawkey.log. For complete SELinux messages run: sealert -l 5a0605fb-7314-4e48-abd5-d0d4ffea1460
Apr 14 07:40:33 example setroubleshoot[257231]: SELinux is preventing /usr/libexec/platform-python3.6 from add_name access on the directory hawkey.log.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that platform-python3.6 should be allowed add_name access on the hawkey.log directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'rhsmcertd-worke' --raw | audit2allow -M my-rhsmcertdworke#012# semodule -X 300 -i my-rhsmcertdworke.pp#012
[root@test]$ cat /var/log/audit/audit.log | grep -i avc
type=AVC msg=audit(1618378828.258:406115): avc: denied { create } for pid=257170 comm="rhsmcertd-worke" name="hawkey.log" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1618378828.258:406115): avc: denied { add_name } for pid=257170 comm="rhsmcertd-worke" name="hawkey.log" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
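The following added example (not part of the original article and not Red Hat tooling) parses the two AVC records quoted above and groups them by audit event, source type, target type and object class, showing that both denials belong to one event and were logged in permissive mode. The function names are hypothetical, and the sample input is the two records from this page.

```python
import re
from collections import defaultdict

# Sample input: the two AVC records quoted on this page, embedded so the script runs offline.
SAMPLE = """\
type=AVC msg=audit(1618378828.258:406115): avc: denied { create } for pid=257170 comm="rhsmcertd-worke" name="hawkey.log" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1618378828.258:406115): avc: denied { add_name } for pid=257170 comm="rhsmcertd-worke" name="hawkey.log" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
"""

HEADER = re.compile(r"type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial record, or None if the line is not one."""
    m = HEADER.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    # Contexts are user:role:type[:level]; policy rules act on the type field.
    return {
        "serial": int(m.group("serial")),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        # permissive=1: the denial was logged but the access was not blocked.
        "permissive": fields.get("permissive") == "1",
    }

def summarize(text):
    """Group denied permissions by audit event serial, then by rule-relevant fields."""
    events = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec["tclass"], rec["permissive"])
            events[rec["serial"]][key].update(rec["perms"])
    return {s: {k: sorted(v) for k, v in g.items()} for s, g in events.items()}

if __name__ == "__main__":
    for serial, groups in summarize(SAMPLE).items():
        for (src, tgt, cls, permissive), perms in groups.items():
            mode = "logged only (permissive)" if permissive else "blocked"
            print(f"event {serial}: {src} -> {tgt}:{cls} {{ {' '.join(perms)} }} {mode}")
```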
Environment
Red Hat Enterprise Linux 8.3.