Often when I install using dnf, I get an SE Linux alert. Details as follows. I did some searching and what I found I did not understand. Hoping to get some more advice. It’s does not seem to affect anything, just annoying.
SELinux is preventing sss_cache from using the setgid capability.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that sss_cache should have the setgid capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
ausearch -c ‘sss_cache’ --raw | audit2allow -M my-ssscache
semodule -X 300 -i my-ssscache.pp
Additional Information:
Source Context unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023
Target Objects Unknown [ capability ]
Source sss_cache
Source Path sss_cache
Port
Host ROCKHOUND
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-35.6-1.fc35.noarch
Local Policy RPM selinux-policy-targeted-35.6-1.fc35.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name ROCKHOUND
Platform Linux ROCKHOUND 5.15.6-200.fc35.x86_64 #1 SMP Wed
Dec 1 13:41:10 UTC 2021 x86_64 x86_64
Alert Count 8
First Seen 2021-12-11 16:41:07 CST
Last Seen 2021-12-11 16:53:29 CST
Local ID f3be675b-1cf5-40e3-b8e4-xxxxxxxx
Raw Audit Messages
type=AVC msg=audit(1639263209.992:1248): avc: denied { setgid } for pid=83731 comm=“sss_cache” capability=6 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tclass=capability permissive=0
Hash: sss_cache,useradd_t,useradd_t,capability,setgid