Description of problem: Conflict appears after switching (without logout) from user 1 to 2 and next logout user 2 back to user 1 session. SELinux is preventing lightdm-gtk-gre from 'read' accesses on the lnk_file /var/lib/dbus/machine-id. ***** Plugin catchall (100. confidence) suggests ************************** If вы считаете, что lightdm-gtk-gre следует разрешить доступ read к machine-id lnk_file по умолчанию. Then рекомендуется создать отчет об ошибке. Чтобы разрешить доступ, можно создать локальный модуль политики. Do allow this access for now by executing: # ausearch -c 'lightdm-gtk-gre' --raw | audit2allow -M my-lightdmgtkgre # semodule -X 300 -i my-lightdmgtkgre.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:system_dbusd_var_lib_t:s0 Target Objects /var/lib/dbus/machine-id [ lnk_file ] Source lightdm-gtk-gre Source Path lightdm-gtk-gre Port <Неизвестно> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-259.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.9-300.fc26.x86_64 #1 SMP Wed Jul 5 16:21:56 UTC 2017 x86_64 x86_64 Alert Count 25 First Seen 2017-07-12 02:12:31 +04 Last Seen 2017-07-16 18:04:36 +04 Local ID 7864e692-b81b-4508-8569-5d3bc8e156d3 Raw Audit Messages type=AVC msg=audit(1500213876.704:283): avc: denied { read } for pid=4838 comm="lightdm-gtk-gre" name="machine-id" dev="sda2" ino=524390 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=lnk_file permissive=0 Hash: lightdm-gtk-gre,xdm_t,system_dbusd_var_lib_t,lnk_file,read Version-Release number of selected component: selinux-policy-3.13.1-259.fc26.noarch Additional info: component: selinux-policy reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.11.9-300.fc26.x86_64 type: libreport
Filesystem was relabeled once when booting cause of editing sudo config file from rescuecd.
selinux-policy-3.13.1-260.3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-8f02d330ca
selinux-policy-3.13.1-260.3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-8f02d330ca
selinux-policy-3.13.1-260.3.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.