Bug 2059399

Summary: selinux stops plasma5 starting
Product: Red Hat Enterprise Linux 9
Reporter: George <ggr.seaton>
Component: selinux-policy
Assignee: Zdenek Pytela <zpytela>
Status: CLOSED DUPLICATE
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Docs Contact:
Priority: unspecified
Version: CentOS Stream
CC: bstinson, jwboyer, lvrabec, mmalik, ssekidde
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2022-03-01 08:06:30 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description George 2022-02-28 23:22:22 UTC
Description of problem:
selinux stops plasma5 starting

Version-Release number of selected component (if applicable):
selinux-policy-34.1.26-1.el9.noarch

How reproducible:
always

Steps to Reproduce:
1. install plasma5 from EPEL
2. restart
3. X starts OK, plasmashell is blocked

Actual results:
black X screen with mouse pointer

Expected results:
plasma5 desktop

Additional info:
masking tmpfs.mount stops selinux blocking plasma5 etc

type=AVC msg=audit(1646021061.550:114): avc:  denied  { execmod } for  pid=1255 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=1039 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1646021061.991:127): avc:  denied  { execmod } for  pid=1411 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=21 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1646021062.499:137): avc:  denied  { execmod } for  pid=1443 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=2066 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1646021062.991:147): avc:  denied  { execmod } for  pid=1461 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=7178 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1646021063.484:157): avc:  denied  { execmod } for  pid=1479 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=6170 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1646021426.335:70): avc:  denied  { execute } for  pid=1055 comm="lightdm-gtk-gre" name="at-spi-bus-launcher" dev="nvme0n1p5" ino=801634 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gnome_atspi_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1646021432.815:90): avc:  denied  { execmod } for  pid=1171 comm="ksplashqml" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=1041 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1646021433.004:100): avc:  denied  { execmod } for  pid=1243 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=4130 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1646021433.442:113): avc:  denied  { execmod } for  pid=1400 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=30 scontext=
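
The `path=` values in the records above are unquoted because the audit subsystem hex-encodes names that contain spaces or control characters; decoded, they read `/memfd:JITCode:QtQml (deleted)`. The following triage script is an added example, not part of the original report: it parses AVC denials, decodes such fields, and groups the denials by process, permission and SELinux types (the function names and the `SAMPLE` list are this example's own; the records are copied from the report).

```python
import re
from collections import Counter

# Records copied from the report above; the last one is cut short there too.
SAMPLE = [
    'type=AVC msg=audit(1646021061.550:114): avc:  denied  { execmod } for  pid=1255 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=1039 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1646021426.335:70): avc:  denied  { execute } for  pid=1055 comm="lightdm-gtk-gre" name="at-spi-bus-launcher" dev="nvme0n1p5" ino=801634 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gnome_atspi_exec_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1646021433.442:113): avc:  denied  { execmod } for  pid=1400 comm="plasmashell" path=2F6D656D66643A4A4954436F64653A5174516D6C202864656C6574656429 dev="tmpfs" ino=30 scontext=',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
STRING_FIELDS = {"comm", "exe", "name", "path"}  # fields that may be hex-encoded

def decode_value(key, raw):
    """Quoted values are literal; a bare value in a string field is hex."""
    if raw.startswith('"'):
        return raw.strip('"')
    if key in STRING_FIELDS and len(raw) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw  # numeric fields such as pid/ino stay untouched

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: decode_value(k, v) for k, v in KV_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    # SELinux contexts are user:role:type:level; the type drives the decision.
    for ctx in ("scontext", "tcontext"):
        parts = rec.get(ctx, "").split(":")
        rec[ctx + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def summarize(lines):
    """Count denials by (comm, permission, source type, target type, object)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        obj = rec.get("path") or rec.get("name")
        for perm in rec["perms"]:
            counts[(rec.get("comm"), perm, rec["scontext_type"],
                    rec["tcontext_type"], obj)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```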

Comment 1 George 2022-02-28 23:24:10 UTC
Seems to be similar or same as Fedora bug
https://bugzilla.redhat.com/show_bug.cgi?id=1781466

Comment 2 Zdenek Pytela 2022-03-01 08:06:30 UTC

*** This bug has been marked as a duplicate of bug 2058657 ***