SELinux is preventing /usr/libexec/platform-python3.6 from add_name access on the directory hawkey.log

Solution Verified - Updated -

Issue

The /var/log/messages and audit.log files are spammed with messages:

[root@test]$ cat var/log/messages | grep "SELinux is preventing"
Apr 14 07:40:33 example setroubleshoot[257231]: SELinux is preventing /usr/libexec/platform-python3.6 from add_name access on the directory hawkey.log. For complete SELinux messages run: sealert -l 5a0605fb-7314-4e48-abd5-d0d4ffea1460
Apr 14 07:40:33 example setroubleshoot[257231]: SELinux is preventing /usr/libexec/platform-python3.6 from add_name access on the directory hawkey.log.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that platform-python3.6 should be allowed add_name access on the hawkey.log directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'rhsmcertd-worke' --raw | audit2allow -M my-rhsmcertdworke#012# semodule -X 300 -i my-rhsmcertdworke.pp#012


[root@test]$ cat /var/log/audit/audit.log | grep -i avc 
type=AVC msg=audit(1618378828.258:406115): avc:  denied  { create } for  pid=257170 comm="rhsmcertd-worke" name="hawkey.log" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1618378828.258:406115): avc:  denied  { add_name } for  pid=257170 comm="rhsmcertd-worke" name="hawkey.log" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1

Environment

Red Hat Enterprise Linux 8.3.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In