Check for expected files failed going from 18.0.3 to 4

Tried to update my NC 18.0.3 to version 18.0.4, but it didn’t succeed.

When I click “Start update” in the web updater I get back

Check for expected files
The following extra files have been found:

  • my-df.te
  • my-df.pp

But no further info what to do about it. Any advice?

Search the files in your nextcloud-path and move them to a place outside nextcloud or to /dev/null :wink:

Where do these files come from? Why are they considered a blocking issue for version 18.0.4?

The files are definitely not part of the Nextcloud package. Open it and check its content to get an idea where they’re coming from. Nextcloud in general verifies the content of its package and all files, which are not part of the original package, are generating the mentioned security warning.

Both of the files were created on 2020-03-31 (and last modified)
my-df.pp: SE Linux modular policy version 1, 1 sections, mod version 19, MLS, module name my-df\003
my-df.te: ASCII text

Content of my-df.te is
module my-df 1.0;

require {
type httpd_t;
type configfs_t;
class dir getattr;

#============= httpd_t ==============

#!!! The file ‘/sys/kernel/config’ is mislabeled on your system.
#!!! Fix with $ restorecon -R -v /sys/kernel/config
allow httpd_t configfs_t:dir getattr;

That’s wahat aunt G. knows about it:

A bit confused what to make of this.

I checked the page …/nextcloud/index.php/settings/admin/logging and it shows no entries for 2020-03-31 (the day those two files were created). And I don’t remember if I did anything special with NC on that day.

journalctl shows the following message four times for that day

setroubleshoot[10294]: failed to retrieve rpm info for /sys/kernel/config
setroubleshoot[10294]: SELinux is preventing /usr/bin/df from getattr access on the directory /sys/kernel/config. For complete SELinux messages run: sealert -l 1ad922aa-ce69-42b1-8753-64820b6a2917
python[10294]: SELinux is preventing /usr/bin/df from getattr access on the directory /sys/kernel/config.

                                  *****  Plugin catchall (100. confidence) suggests   **************************
                                  If you believe that df should be allowed getattr access on the config directory by default.
                                  Then you should report this as a bug.
                                  You can generate a local policy module to allow this access.
                                  allow this access for now by executing:
                                  # ausearch -c 'df' --raw | audit2allow -M my-df
                                  # semodule -i my-df.pp

Should I just delete those two files or should I make some changes to SELinux?