SELinux is preventing ps from using the sys_admin capability

tonywalker · May 13, 2025, 12:23am

I have a fresh install of Kinoite 42 and am getting the following message in my logs:
“SELinux is preventing ps from using the sys_admin capability”
This message is preceded by:
“failed to retrieve rpm info for path ‘/etc/selinux/targeted/active/modules/200/pcp’”
These messages appear every 30 minutes, so often enough that it irritates me but not enough to overflow my logs.

I can use audit2allow to make this go away, but granting this to ps seems overkill. It seems to be related to Cockpit, which I am running. Is there a better solution and is this a bug I should report?

barryascott · May 14, 2025, 11:43am

FYI I’m not an selinux expert.

You could try using fixfiles on /usr/bin/ps and see if anything changes.
See man fixfiles for how to use the command.

vsert · May 14, 2025, 12:42pm

Related thread on SELinux and Kinoite that can be of help Various SElinux denials in Fedora Kinoite (not specific to ps/cockpit).

Topic		Replies	Views
SELinux is preventing /usr/bin/ps from using the sys_admin capability Ask Fedora	1	103	May 16, 2025
SELinux is preventing systemd-gpt-aut from using the 'sys_admin' capabilities Ask Fedora	4	731	December 7, 2022
Selinux crashes Flatpak version of VScodium on Fedora KDE Spin 40 Ask Fedora kde , flatpak , security , selinux , coredump	14	848	January 30, 2025
Various SElinux denials in Fedora Kinoite Ask Fedora immutable , kinoite , silverblue , atomic-desktops	2	136	May 13, 2025
SELinux Confined users: only user_u is launching the Desktop? Ask Fedora kde , kde-plasma , selinux , kinoite , f40 , selinux-confined-users	21	209	August 3, 2024

SELinux is preventing ps from using the sys_admin capability

Related topics