SELinux is preventing 11-dhclient from add_name access on the directory
chrony.servers.wlp8s0.
***** Plugin catchall (100. confidence) suggests
**************************
If you believe that 11-dhclient should be allowed add_name access on the
chrony.servers.wlp8s0 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c '11-dhclient' --raw | audit2allow -M my-11dhclient
# semodule -X 300 -i my-11dhclient.pp
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:object_r:dhcpc_state_t:s0
Target Objects chrony.servers.wlp8s0 [ dir ]
Source 11-dhclient
Source Path 11-dhclient
Port <Unknown>
Host castor
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.14.4-40.fc31.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name castor
Platform Linux castor 5.3.12-300.fc31.x86_64 #1 SMP
Thu Nov
21 22:52:07 UTC 2019 x86_64 x86_64
Alert Count 2
First Seen 2019-11-30 18:03:35 CET
Last Seen 2019-12-01 11:16:46 CET
Local ID 0370e7fd-a826-4c80-8239-747a7528c5af
Raw Audit Messages
type=AVC msg=audit(1575195406.740:277): avc: denied { add_name } for
pid=1466 comm="11-dhclient" name="chrony.servers.wlp8s0"
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir permissive=0
Hash: 11-dhclient,NetworkManager_t,dhcpc_state_t,dir,add_name
--
Using Opera's mail client: http://www.opera.com/mail/