SELinux: systemd-tmpfile (NNNN) wrote to checkreqprot

gnwiii · May 16, 2026, 3:34pm

Yesterday I started seeing this:

% journalctl --no-hostname -g checkreqprot
[omitted about 100 previous boot entries with no checkreqprot entries]
-- Boot 401fbdc7051949dfba98912ff5b5fa61 --
May 15 08:40:41 kernel: SELinux: systemd-tmpfile (1359) wrote to checkreqprot. This is no longer supported.
-- Boot 674a8aae5347411191788a542f47c062 --
-- Boot 7481fe72a103480dac6c020144fb232e --
May 15 21:18:58 kernel: SELinux: systemd-tmpfile (1347) wrote to checkreqprot. This is no longer supported.
-- Boot 9df6823430a34899aa290dde325f6c52 --
May 16 10:34:00 kernel: SELinux: systemd-tmpfile (1362) wrote to checkreqprot. This is no longer supported.
-- Boot e979215e4dac43c18655578f80346930 --
May 16 10:36:32 kernel: SELinux: systemd-tmpfile (1352) wrote to checkreqprot. This is no longer supported.
-- Boot 8fb4856ed36044e3b325e4db916dded9 --
May 16 10:38:52 kernel: SELinux: systemd-tmpfile (1339) wrote to checkreqprot. This is no longer supported.

Support ended long ago: https://github.com/torvalds/linux/blob/master/Documentation/ABI/removed/sysfs-selinux-checkreqprot so strange that this messages popped up recently.

anotheruser · May 16, 2026, 6:05pm

$ grep -i checkreqprot /lib/tmpfiles.d/*
/lib/tmpfiles.d/selinux-policy.conf:w /sys/fs/selinux/checkreqprot - - - - 0

$ rpm -qf /lib/tmpfiles.d/selinux-policy.conf
selinux-policy-44.1-1.fc44.noarch

started yesterday

$ journalctl -g checkreqprot --no-hostname
-- Boot 667475de01e44f388892172f3f08ada2 --
-- Boot 5689cd9a9aa64f6f8818aaa5be422b8f --
-- Boot d117f08a7d6e4c4e964e539245f36916 --
May 15 12:42:11 kernel: SELinux: systemd-tmpfile (1019) wrote to checkreqprot. This is no longer supported.
-- Boot 7342509abd08462a9fa49bb874b5041f --
May 15 23:34:47 kernel: SELinux: systemd-tmpfile (1167) wrote to checkreqprot. This is no longer supported.

johnh99 · May 18, 2026, 1:31pm

I am getting this, too, for the last several days. Reinstalled systemd and selinux, with no effect. It just showed up out of the blue.

SELinux: systemd-tmpfile (1148) wrote to checkreqprot. This is no longer supported.

???

vekruse · May 18, 2026, 2:58pm

It comes from the line

w /sys/fs/selinux/checkreqprot - - - - 0

in the file /usr/lib/tmpfiles.d/selinux-policy.conf.

It seems that the new kernel doesn’t like that any more.

@gnwiii already identified that issue, and of you want to get it fixed a bugreport against selinux may be needed.

fxzxmicah · May 19, 2026, 8:30pm

rlmenge · May 19, 2026, 10:17pm

The error is just now appearing because a new commit was merged into the kernel. This commit removes all the processing and logs the error when checkreqprot is touched.
selinux: prune /sys/fs/selinux/checkreqprot - kernel/git/stable/linux.git - Linux kernel stable tree

The commit was also backported to 6.18
6.18: selinux: prune /sys/fs/selinux/checkreqprot - kernel/git/stable/linux.git - Linux kernel stable tree

Topic		Replies	Views
Fedora 41 systemd selinux denial Ask Fedora selinux , f41	7	475	March 13, 2025
SElinux blocking issues list F41 Ask Fedora kde-plasma , selinux , f41	6	1093	January 9, 2025
"SELinux has detected a problem." with "systemd-user-ru" at every boot Ask Fedora kde , selinux , f42	8	1970	April 24, 2025
SELinux is blocking systemd-logind integrity check after upgrading to Fedora 40 Ask Fedora gnome , workstation , f40	1	413	October 17, 2024
SELinux denial when systemd unit try to log to /dev/tty1 Project Discussion coreos-wg	0	826	August 11, 2021

SELinux: systemd-tmpfile (NNNN) wrote to checkreqprot

Related topics