Description of problem: For some reason, when selinux is in enforcing mode, no outside events get to the orca screen reader (key presses, focus changes). Version-Release number of selected component (if applicable): Selinux-policy 3.14.2-32 How reproducible: Always Steps to Reproduce: 1. Ensure that selinux is in enforcing mode 2. Start orca through the gnome autostart facility Actual results: Orca does not work and a probably related message in its log: Sep 13 13:43:53 believer orca[2381]: AT-SPI: Error in GetItems, sender=(null), error=Did not receive a reply. Possible c auses include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply However, ausearch -p 2381 has no matches. However, when selinux is in permissive mode, Orca works... Expected results: Orca works and no error is printed when enforcing mode is in effect.
Please collect SELinux denials and attach them here: # ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i -ts today Based on "Did not receive a reply" messages, there will be SELinux denials (USER_AVC) related to D-bus.
Created attachment 1483251 [details] Selinux denials Yes, the denials are plenty, i just did not see the others because i did not use liberal enough filters, but this is corrected there.
Hello. The last update of the selinux policy and the rest of the packages (basically the last f29 compose which got to the repos) fixed the bug. But if you could still identify the root cause and through some qa or i do not what sort of processes make sure that it does not appear again...
Hi, Yes, I saw that lot of SELinux denials from your report are already fixed. Let's close this ticket and if you catch it again, feel free to re-open it. Thanks, Lukas.