Description of problem: Version-Release number of selected component (if applicable): selinux-policy-3.13.1-202.fc25.noarch How reproducible: Always Steps to Reproduce: 1. Install Fedora-Workstation-Live-x86_64-Rawhide-20160718.n.0.iso 2. 3. Actual results: Notification appears during installation, SELinux Troubleshooter lists: SELinux is preventing gdbus from write access on the fifo_file /run/systemd/inhibit/1.ref. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gdbus should be allowed write access on the 1.ref fifo_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gdbus' --raw | audit2allow -M my-gdbus # semodule -X 300 -i my-gdbus.pp Additional Information: Source Context system_u:system_r:modemmanager_t:s0 Target Context system_u:object_r:systemd_logind_inhibit_var_run_t :s0 Target Objects /run/systemd/inhibit/1.ref [ fifo_file ] Source gdbus Source Path gdbus Port <Unknown> Host localhost Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-202.fc25.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost Platform Linux localhost 4.7.0-0.rc7.git3.1.fc25.x86_64 #1 SMP Fri Jul 15 21:02:08 UTC 2016 x86_64 x86_64 Alert Count 1 First Seen 2016-07-30 17:36:07 EDT Last Seen 2016-07-30 17:36:07 EDT Local ID 45b142a5-5759-4e7a-97d3-a7880cc2525c Raw Audit Messages type=AVC msg=audit(1469914567.936:102): avc: denied { write } for pid=989 comm="gdbus" path="/run/systemd/inhibit/1.ref" dev="tmpfs" ino=19043 scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file permissive=0 Hash: gdbus,modemmanager_t,systemd_logind_inhibit_var_run_t,fifo_file,write Expected results: No SELinux denials during installation Additional info:
I've encountered this too. Actually, I think it's not exactly related to installation. Booting the live and logging to Gnome seems enough, in order to trigger the denial.