Description of problem:
SELinux is preventing /usr/lib/systemd/systemd-user-runtime-dir from 'unlink' accesses on the file user.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemd-user-runtime-dir should be allowed unlink access on the user file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                user [ file ]
Source                        systemd-user-ru
Source Path                   /usr/lib/systemd/systemd-user-runtime-dir
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           systemd-239-1.fc29.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.14.2-25.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.16.16-300.fc28.x86_64 #1 SMP Sun Jun 17 03:02:42 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2018-06-26 12:25:53 CEST
Last Seen                     2018-06-26 12:25:53 CEST
Local ID                      be03e31e-776c-4818-bd36-3a443076f5ca

Raw Audit Messages
type=AVC msg=audit(1530008753.207:276): avc: denied { unlink } for pid=1933 comm="systemd-user-ru" name="user" dev="tmpfs" ino=34361 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1530008753.207:276): arch=x86_64 syscall=unlinkat success=no exit=EACCES a0=4 a1=5643505db783 a2=0 a3=5643505d1010 items=2 ppid=1 pid=1933 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=systemd-user-ru exe=/usr/lib/systemd/systemd-user-runtime-dir subj=system_u:system_r:init_t:s0 key=(null)

type=CWD msg=audit(1530008753.207:276): cwd=/

type=PATH msg=audit(1530008753.207:276): item=0 name=/ inode=34360 dev=00:35 mode=040700 ouid=991 ogid=988 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

type=PATH msg=audit(1530008753.207:276): item=1 name=user inode=34361 dev=00:35 mode=0100600 ouid=991 ogid=988 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 nametype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0

Hash: systemd-user-ru,init_t,user_tmp_t,file,unlink

Version-Release number of selected component:
selinux-policy-3.14.2-25.fc29.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.5
hashmarkername: setroubleshoot
kernel:         4.16.16-300.fc28.x86_64
type:           libreport

This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'.
selinux-policy-3.14.2-34.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-db240a1726
selinux-policy-3.14.2-34.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.