Bug 1644313 - SELinux is preventing systemd-user-ru from 'read' accesses on the directory dbus-1.
Summary: SELinux is preventing systemd-user-ru from 'read' accesses on the directory d...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 29
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:5a0fc536e22d6a51a5e9b57600c...
: 1613635 1644783 1645364 1645498 1645569 1645592 1645685 1645721 1645774 1645819 1645838 1645858 1645914 1646725 1646939 1647121 1647138 1683505 1695487 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-30 12:57 UTC by Matt Fagnani
Modified: 2019-08-18 01:56 UTC (History)
150 users (show)

Fixed In Version: selinux-policy-3.14.2-64.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-18 01:56:20 UTC


Attachments (Terms of Use)

Description Matt Fagnani 2018-10-30 12:57:25 UTC
Description of problem:
I upgraded to systemd-239-6.git9f3aed1.fc29 from Koji. When I logged into Plasma twice after the systemd update, I saw the following denial of systemd-user-ru reading dbus-1 both times.
SELinux is preventing systemd-user-ru from 'read' accesses on the directory dbus-1.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-user-ru should be allowed read access on the dbus-1 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                dbus-1 [ dir ]
Source                        systemd-user-ru
Source Path                   systemd-user-ru
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.2-40.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.18.16-300.fc29.i686 #1 SMP Sat
                              Oct 20 23:24:23 UTC 2018 i686 i686
Alert Count                   1
First Seen                    2018-10-29 19:00:20 EDT
Last Seen                     2018-10-29 19:00:20 EDT
Local ID                      0a27e642-2591-4cc8-82ed-35cc27318de0

Raw Audit Messages
type=AVC msg=audit(1540854020.470:439): avc:  denied  { read } for  pid=14237 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=155422 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0


Hash: systemd-user-ru,init_t,session_dbusd_tmp_t,dir,read

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.i686
type:           libreport

Comment 1 Jonathan Haas 2018-11-01 18:42:34 UTC
Description of problem:
Started system after latest update, appeared immediately without action after login.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 2 enrico 2018-11-01 20:25:21 UTC
Description of problem:
Just logged into gnome

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 3 Ryan 2018-11-01 21:13:18 UTC
Description of problem:
Alert appears at every session log in. 

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 4 Ed Marshall 2018-11-01 21:51:13 UTC
Description of problem:
Logged in after powering up my laptop, was presented with this shortly after the desktop appeared.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 5 Cyber Trekker 2018-11-02 01:46:34 UTC
Description of problem:
Through the usual steps of booting into the operating system, logging in to my user account, then into the desktop environment to be confronted with this alert of a problem.


Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 6 Chris Stackhouse 2018-11-02 02:06:37 UTC
Description of problem:
Thid problem only occurs on system startup

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 7 Michael Wiktowy 2018-11-02 02:54:20 UTC
Description of problem:
Updated Fedora with latest updates
Upgraded:
  CGAL-4.13-1.fc29.x86_64                                                                   NetworkManager-openvpn-1:1.8.8-1.fc29.x86_64                                        
  NetworkManager-openvpn-gnome-1:1.8.8-1.fc29.x86_64                                        OpenImageIO-1.8.15-1.fc29.x86_64                                                    
  alsa-lib-1.1.7-2.fc29.i686                                                                alsa-lib-1.1.7-2.fc29.x86_64                                                        
  alsa-plugins-pulseaudio-1.1.7-2.fc29.i686                                                 alsa-plugins-pulseaudio-1.1.7-2.fc29.x86_64                                         
  alsa-tools-firmware-1.1.7-2.fc29.x86_64                                                   alsa-ucm-1.1.7-2.fc29.noarch                                                        
  alsa-utils-1.1.7-2.fc29.x86_64                                                            autocorr-en-1:6.1.2.1-1.fc29.noarch                                                 
  cairo-1.16.0-1.fc29.i686                                                                  cairo-1.16.0-1.fc29.x86_64                                                          
  cairo-gobject-1.16.0-1.fc29.i686                                                          cairo-gobject-1.16.0-1.fc29.x86_64                                                  
  clamav-0.100.2-2.fc29.x86_64                                                              clamav-data-0.100.2-2.fc29.noarch                                                   
  clamav-filesystem-0.100.2-2.fc29.noarch                                                   clamav-lib-0.100.2-2.fc29.x86_64                                                    
  clamav-update-0.100.2-2.fc29.x86_64                                                       coreutils-8.30-5.fc29.x86_64                                                        
  coreutils-common-8.30-5.fc29.x86_64                                                       cpp-8.2.1-4.fc29.x86_64                                                             
  curl-7.61.1-3.fc29.x86_64                                                                 dracut-049-11.git20181024.fc29.x86_64                                               
  dracut-config-rescue-049-11.git20181024.fc29.x86_64                                       dracut-network-049-11.git20181024.fc29.x86_64                                       
  duplicity-0.7.18.2-1.fc29.x86_64                                                          environment-modules-4.2.0-1.fc29.x86_64                                             
  f29-backgrounds-base-29.1.3-1.fc29.noarch                                                 f29-backgrounds-gnome-29.1.3-1.fc29.noarch                                          
  firefox-63.0-2.fc29.x86_64                                                                flatpak-1.0.4-1.fc29.x86_64                                                         
  flatpak-libs-1.0.4-1.fc29.x86_64                                                          freerdp-2:2.0.0-46.20181008git00af869.fc29.x86_64                                   
  freerdp-libs-2:2.0.0-46.20181008git00af869.fc29.x86_64                                    freetype-2.9.1-3.fc29.i686                                                          
  freetype-2.9.1-3.fc29.x86_64                                                              fwupd-1.1.3-1.fc29.x86_64                                                           
  gcc-8.2.1-4.fc29.x86_64                                                                   gcc-c++-8.2.1-4.fc29.x86_64                                                         
  gcc-gdb-plugin-8.2.1-4.fc29.x86_64                                                        gd-2.2.5-7.fc29.x86_64                                                              
  gdal-libs-2.3.2-1.fc29.x86_64                                                             geoclue2-2.4.13-1.fc29.x86_64                                                       
  geoclue2-libs-2.4.13-1.fc29.x86_64                                                        glusterfs-5.0-1.fc29.x86_64                                                         
  glusterfs-api-5.0-1.fc29.x86_64                                                           glusterfs-cli-5.0-1.fc29.x86_64                                                     
  glusterfs-client-xlators-5.0-1.fc29.x86_64                                                glusterfs-fuse-5.0-1.fc29.x86_64                                                    
  glusterfs-libs-5.0-1.fc29.x86_64                                                          gnome-abrt-1.2.6-8.fc29.x86_64                                                      
  gnome-boxes-3.30.2-1.fc29.x86_64                                                          gnome-characters-3.30.0-1.fc29.x86_64                                               
  hplip-3.18.6-9.fc29.x86_64                                                                hplip-common-3.18.6-9.fc29.x86_64                                                   
  hplip-gui-3.18.6-9.fc29.x86_64                                                            hplip-libs-3.18.6-9.fc29.x86_64                                                     
  ibus-libpinyin-1.10.91-1.fc29.x86_64                                                      ibus-typing-booster-2.1.3-1.fc29.noarch                                             
  imsettings-1.7.3-6.fc29.x86_64                                                            imsettings-gsettings-1.7.3-6.fc29.x86_64                                            
  imsettings-libs-1.7.3-6.fc29.x86_64                                                       imsettings-qt-1.7.3-6.fc29.x86_64                                                   
  iwl100-firmware-39.31.5.1-88.fc29.noarch                                                  iwl1000-firmware-1:39.31.5.1-88.fc29.noarch                                         
  iwl105-firmware-18.168.6.1-88.fc29.noarch                                                 iwl135-firmware-18.168.6.1-88.fc29.noarch                                           
  iwl2000-firmware-18.168.6.1-88.fc29.noarch                                                iwl2030-firmware-18.168.6.1-88.fc29.noarch                                          
  iwl3160-firmware-1:25.30.13.0-88.fc29.noarch                                              iwl3945-firmware-15.32.2.9-88.fc29.noarch                                           
  iwl4965-firmware-228.61.2.24-88.fc29.noarch                                               iwl5000-firmware-8.83.5.1_1-88.fc29.noarch                                          
  iwl5150-firmware-8.24.2.2-88.fc29.noarch                                                  iwl6000-firmware-9.221.4.1-88.fc29.noarch                                           
  iwl6000g2a-firmware-18.168.6.1-88.fc29.noarch                                             iwl6000g2b-firmware-18.168.6.1-88.fc29.noarch                                       
  iwl6050-firmware-41.28.5.1-88.fc29.noarch                                                 iwl7260-firmware-1:25.30.13.0-88.fc29.noarch                                        
  java-1.8.0-openjdk-1:1.8.0.181.b15-6.fc29.x86_64                                          java-1.8.0-openjdk-devel-1:1.8.0.181.b15-6.fc29.x86_64                              
  java-1.8.0-openjdk-headless-1:1.8.0.181.b15-6.fc29.x86_64                                 jbigkit-libs-2.1-15.fc29.i686                                                       
  jbigkit-libs-2.1-15.fc29.x86_64                                                           julietaula-montserrat-fonts-1:7.200-4.fc29.noarch                                   
  langtable-0.0.39-1.fc29.noarch                                                            langtable-data-0.0.39-1.fc29.noarch                                                 
  libSM-1.2.3-1.fc29.i686                                                                   libSM-1.2.3-1.fc29.x86_64                                                           
  libX11-1.6.7-1.fc29.i686                                                                  libX11-1.6.7-1.fc29.x86_64                                                          
  libX11-common-1.6.7-1.fc29.noarch                                                         libX11-xcb-1.6.7-1.fc29.i686                                                        
  libX11-xcb-1.6.7-1.fc29.x86_64                                                            libarchive-3.3.3-1.fc29.x86_64                                                      
  libatomic-8.2.1-4.fc29.i686                                                               libatomic-8.2.1-4.fc29.x86_64                                                       
  libcurl-7.61.1-3.fc29.i686                                                                libcurl-7.61.1-3.fc29.x86_64                                                        
  libertas-usb8388-firmware-2:20181008-88.gitc6b6265d.fc29.noarch                           libgcc-8.2.1-4.fc29.i686                                                            
  libgcc-8.2.1-4.fc29.x86_64                                                                libgfortran-8.2.1-4.fc29.x86_64                                                     
  libgomp-8.2.1-4.fc29.x86_64                                                               libinput-1.12.2-1.fc29.x86_64                                                       
  libipa_hbac-2.0.0-4.fc29.x86_64                                                           liblouis-3.7.0-2.fc29.x86_64                                                        
  libosinfo-1.2.0-5.fc29.x86_64                                                             libpinyin-2.2.1-1.fc29.x86_64                                                       
  libpinyin-data-2.2.1-1.fc29.x86_64                                                        libquadmath-8.2.1-4.fc29.x86_64                                                     
  libreoffice-calc-1:6.1.2.1-1.fc29.x86_64                                                  libreoffice-core-1:6.1.2.1-1.fc29.x86_64                                            
  libreoffice-data-1:6.1.2.1-1.fc29.noarch                                                  libreoffice-draw-1:6.1.2.1-1.fc29.x86_64                                            
  libreoffice-filters-1:6.1.2.1-1.fc29.x86_64                                               libreoffice-graphicfilter-1:6.1.2.1-1.fc29.x86_64                                   
  libreoffice-gtk2-1:6.1.2.1-1.fc29.x86_64                                                  libreoffice-gtk3-1:6.1.2.1-1.fc29.x86_64                                            
  libreoffice-help-en-1:6.1.2.1-1.fc29.x86_64                                               libreoffice-impress-1:6.1.2.1-1.fc29.x86_64                                         
  libreoffice-langpack-en-1:6.1.2.1-1.fc29.x86_64                                           libreoffice-math-1:6.1.2.1-1.fc29.x86_64                                            
  libreoffice-ogltrans-1:6.1.2.1-1.fc29.x86_64                                              libreoffice-opensymbol-fonts-1:6.1.2.1-1.fc29.noarch                                
  libreoffice-pdfimport-1:6.1.2.1-1.fc29.x86_64                                             libreoffice-pyuno-1:6.1.2.1-1.fc29.x86_64                                           
  libreoffice-ure-1:6.1.2.1-1.fc29.x86_64                                                   libreoffice-ure-common-1:6.1.2.1-1.fc29.noarch                                      
  libreoffice-writer-1:6.1.2.1-1.fc29.x86_64                                                libreoffice-x11-1:6.1.2.1-1.fc29.x86_64                                             
  libreoffice-xsltfilter-1:6.1.2.1-1.fc29.x86_64                                            libreofficekit-1:6.1.2.1-1.fc29.x86_64                                              
  libsane-hpaio-3.18.6-9.fc29.x86_64                                                        libssh-0.8.4-1.fc29.i686                                                            
  libssh-0.8.4-1.fc29.x86_64                                                                libsss_autofs-2.0.0-4.fc29.x86_64                                                   
  libsss_certmap-2.0.0-4.fc29.x86_64                                                        libsss_idmap-2.0.0-4.fc29.x86_64                                                    
  libsss_nss_idmap-2.0.0-4.fc29.x86_64                                                      libsss_sudo-2.0.0-4.fc29.x86_64                                                     
  libstdc++-8.2.1-4.fc29.i686                                                               libstdc++-8.2.1-4.fc29.x86_64                                                       
  libstdc++-devel-8.2.1-4.fc29.x86_64                                                       libtasn1-4.13-5.fc29.i686                                                           
  libtasn1-4.13-5.fc29.x86_64                                                               libtiff-4.0.9-13.fc29.i686                                                          
  libtiff-4.0.9-13.fc29.x86_64                                                              libwinpr-2:2.0.0-46.20181008git00af869.fc29.x86_64                                  
  libxcrypt-4.2.2-1.fc29.i686                                                               libxcrypt-4.2.2-1.fc29.x86_64                                                       
  libxcrypt-common-4.2.2-1.fc29.noarch                                                      libxcrypt-devel-4.2.2-1.fc29.x86_64                                                 
  libzhuyin-2.2.1-1.fc29.x86_64                                                             linux-firmware-20181008-88.gitc6b6265d.fc29.noarch                                  
  lirc-core-0.10.0-14.fc29.x86_64                                                           lirc-libs-0.10.0-14.fc29.x86_64                                                     
  lorax-29.18-1.fc29.x86_64                                                                 lorax-templates-generic-29.18-1.fc29.x86_64                                         
  mariadb-3:10.3.10-1.fc29.x86_64                                                           mariadb-backup-3:10.3.10-1.fc29.x86_64                                              
  mariadb-common-3:10.3.10-1.fc29.x86_64                                                    mariadb-cracklib-password-check-3:10.3.10-1.fc29.x86_64                             
  mariadb-errmsg-3:10.3.10-1.fc29.x86_64                                                    mariadb-gssapi-server-3:10.3.10-1.fc29.x86_64                                       
  mariadb-rocksdb-engine-3:10.3.10-1.fc29.x86_64                                            mariadb-server-3:10.3.10-1.fc29.x86_64                                              
  mariadb-server-utils-3:10.3.10-1.fc29.x86_64                                              mariadb-tokudb-engine-3:10.3.10-1.fc29.x86_64                                       
  mkvtoolnix-27.0.0-2.fc29.x86_64                                                           mkvtoolnix-gui-27.0.0-2.fc29.x86_64                                                 
  mod_http2-1.11.1-1.fc29.x86_64                                                            opencc-1.0.5-3.fc29.x86_64                                                          
  openldap-2.4.46-9.fc29.i686                                                               openldap-2.4.46-9.fc29.x86_64                                                       
  opensc-0.19.0-2.fc29.x86_64                                                               opus-1.3-1.fc29.x86_64                                                              
  osinfo-db-20181011-1.fc29.noarch                                                          patch-2.7.6-7.fc29.x86_64                                                           
  perl-Glib-1.328-1.fc29.x86_64                                                             perl-Module-CoreList-1:5.20181020-1.fc29.noarch                                     
  perl-XML-XPath-1.43-1.fc29.noarch                                                         php-7.2.11-1.fc29.x86_64                                                            
  php-cli-7.2.11-1.fc29.x86_64                                                              php-common-7.2.11-1.fc29.x86_64                                                     
  php-fpm-7.2.11-1.fc29.x86_64                                                              php-gd-7.2.11-1.fc29.x86_64                                                         
  php-gmp-7.2.11-1.fc29.x86_64                                                              php-intl-7.2.11-1.fc29.x86_64                                                       
  php-json-7.2.11-1.fc29.x86_64                                                             php-mbstring-7.2.11-1.fc29.x86_64                                                   
  php-mysqlnd-7.2.11-1.fc29.x86_64                                                          php-pdo-7.2.11-1.fc29.x86_64                                                        
  php-pecl-igbinary-2.0.8-1.fc29.x86_64                                                     php-pecl-zip-1.15.4-1.fc29.x86_64                                                   
  php-pgsql-7.2.11-1.fc29.x86_64                                                            php-process-7.2.11-1.fc29.x86_64                                                    
  php-symfony-browser-kit-2.8.46-1.fc29.noarch                                              php-symfony-class-loader-2.8.46-1.fc29.noarch                                       
  php-symfony-common-2.8.46-1.fc29.noarch                                                   php-symfony-config-2.8.46-1.fc29.noarch                                             
  php-symfony-console-2.8.46-1.fc29.noarch                                                  php-symfony-css-selector-2.8.46-1.fc29.noarch                                       
  php-symfony-debug-2.8.46-1.fc29.noarch                                                    php-symfony-dependency-injection-2.8.46-1.fc29.noarch                               
  php-symfony-dom-crawler-2.8.46-1.fc29.noarch                                              php-symfony-event-dispatcher-2.8.46-1.fc29.noarch                                   
  php-symfony-expression-language-2.8.46-1.fc29.noarch                                      php-symfony-filesystem-2.8.46-1.fc29.noarch                                         
  php-symfony-finder-2.8.46-1.fc29.noarch                                                   php-symfony-http-foundation-2.8.46-1.fc29.noarch                                    
  php-symfony-http-kernel-2.8.46-1.fc29.noarch                                              php-symfony-process-2.8.46-1.fc29.noarch                                            
  php-symfony-var-dumper-2.8.46-1.fc29.noarch                                               php-symfony-yaml-2.8.46-1.fc29.noarch                                               
  php-symfony3-common-3.4.17-1.fc29.noarch                                                  php-symfony3-console-3.4.17-1.fc29.noarch                                           
  php-symfony3-debug-3.4.17-1.fc29.noarch                                                   php-symfony3-filesystem-3.4.17-1.fc29.noarch                                        
  php-symfony3-finder-3.4.17-1.fc29.noarch                                                  php-symfony3-process-3.4.17-1.fc29.noarch                                           
  php-xml-7.2.11-1.fc29.x86_64                                                              pipewire-0.2.3-2.fc29.x86_64                                                        
  pipewire-libs-0.2.3-2.fc29.x86_64                                                         poppler-0.67.0-2.fc29.x86_64                                                        
  poppler-glib-0.67.0-2.fc29.x86_64                                                         poppler-utils-0.67.0-2.fc29.x86_64                                                  
  python-unversioned-command-2.7.15-11.fc29.noarch                                          python2-2.7.15-11.fc29.x86_64                                                       
  python2-langtable-0.0.39-1.fc29.noarch                                                    python2-libs-2.7.15-11.fc29.x86_64                                                  
  python2-paramiko-2.4.2-1.fc29.noarch                                                      python2-pygame-1.9.4-4.fc29.x86_64                                                  
  python2-pygithub-1.39-4.fc29.noarch                                                       python2-rpm-4.14.2.1-1.fc29.x86_64                                                  
  python2-sssdconfig-2.0.0-4.fc29.noarch                                                    python2-tkinter-2.7.15-11.fc29.x86_64                                               
  python3-3.7.1-1.fc29.x86_64                                                               python3-langtable-0.0.39-1.fc29.noarch                                              
  python3-libs-3.7.1-1.fc29.x86_64                                                          python3-louis-3.7.0-2.fc29.noarch                                                   
  python3-pygithub-1.39-4.fc29.noarch                                                       python3-rpm-4.14.2.1-1.fc29.x86_64                                                  
  python3-sssdconfig-2.0.0-4.fc29.noarch                                                    python3-tkinter-3.7.1-1.fc29.x86_64                                                 
  qt-1:4.8.7-44.fc29.x86_64                                                                 qt-assistant-1:4.8.7-44.fc29.x86_64                                                 
  qt-common-1:4.8.7-44.fc29.noarch                                                          qt-x11-1:4.8.7-44.fc29.x86_64                                                       
  rng-tools-6.3.1-2.fc29.x86_64                                                             rpm-4.14.2.1-1.fc29.x86_64                                                          
  rpm-build-4.14.2.1-1.fc29.x86_64                                                          rpm-build-libs-4.14.2.1-1.fc29.x86_64                                               
  rpm-libs-4.14.2.1-1.fc29.x86_64                                                           rpm-plugin-selinux-4.14.2.1-1.fc29.x86_64                                           
  rpm-plugin-systemd-inhibit-4.14.2.1-1.fc29.x86_64                                         rpm-sign-libs-4.14.2.1-1.fc29.x86_64                                                
  rsyslog-8.38.0-1.fc29.x86_64                                                              rubberband-1.8.2-1.fc29.x86_64                                                      
  skkdic-20181016-1.T1609.fc29.noarch                                                       sssd-2.0.0-4.fc29.x86_64                                                            
  sssd-ad-2.0.0-4.fc29.x86_64                                                               sssd-client-2.0.0-4.fc29.x86_64                                                     
  sssd-common-2.0.0-4.fc29.x86_64                                                           sssd-common-pac-2.0.0-4.fc29.x86_64                                                 
  sssd-ipa-2.0.0-4.fc29.x86_64                                                              sssd-kcm-2.0.0-4.fc29.x86_64                                                        
  sssd-krb5-2.0.0-4.fc29.x86_64                                                             sssd-krb5-common-2.0.0-4.fc29.x86_64                                                
  sssd-ldap-2.0.0-4.fc29.x86_64                                                             sssd-nfs-idmap-2.0.0-4.fc29.x86_64                                                  
  sssd-proxy-2.0.0-4.fc29.x86_64                                                            sugar-0.112-5.fc29.noarch                                                           
  sugar-cp-all-0.112-5.fc29.noarch                                                          sugar-cp-background-0.112-5.fc29.noarch                                             
  sugar-cp-backup-0.112-5.fc29.noarch                                                       sugar-cp-datetime-0.112-5.fc29.noarch                                               
  sugar-cp-frame-0.112-5.fc29.noarch                                                        sugar-cp-keyboard-0.112-5.fc29.noarch                                               
  sugar-cp-language-0.112-5.fc29.noarch                                                     sugar-cp-modemconfiguration-0.112-5.fc29.noarch                                     
  sugar-cp-network-0.112-5.fc29.noarch                                                      sugar-cp-updater-0.112-5.fc29.noarch                                                
  sugar-cp-webaccount-0.112-5.fc29.noarch                                                   system-config-printer-libs-1.5.11-13.fc29.noarch                                    
  system-config-printer-udev-1.5.11-13.fc29.x86_64                                          systemd-239-6.git9f3aed1.fc29.x86_64                                                
  systemd-container-239-6.git9f3aed1.fc29.x86_64                                            systemd-libs-239-6.git9f3aed1.fc29.i686                                             
  systemd-libs-239-6.git9f3aed1.fc29.x86_64                                                 systemd-pam-239-6.git9f3aed1.fc29.x86_64                                            
  systemd-udev-239-6.git9f3aed1.fc29.x86_64                                                 systemtap-sdt-devel-4.0-1.fc29.x86_64                                               
  telnet-1:0.17-75.fc29.x86_64                                                              vamp-plugin-sdk-2.7.1-1.fc29.x86_64                                                 
  vim-minimal-2:8.1.483-1.fc29.x86_64                                                       vinagre-3.22.0-11.fc29.x86_64                                                       
  webkit2gtk3-2.22.2-2.fc29.x86_64                                                          webkit2gtk3-jsc-2.22.2-2.fc29.x86_64                                                
  webkit2gtk3-plugin-process-gtk2-2.22.2-2.fc29.x86_64                                      xdg-desktop-portal-1.0.3-1.fc29.x86_64                                              
  xorg-x11-drv-libinput-0.28.1-1.fc29.x86_64                                                xorg-x11-server-Xorg-1.20.2-1.fc29.x86_64                                           
  xorg-x11-server-Xwayland-1.20.2-1.fc29.x86_64                                             xorg-x11-server-common-1.20.2-1.fc29.x86_64                                         
  yum-utils-1.1.31-518.fc29.noarch                                                          rpmfusion-free-appstream-data-29-4.20181021.fc29.noarch                             
  faac-1.29.9.2-4.fc29.x86_64                                                               rpmfusion-nonfree-appstream-data-29-3.20181021.fc29.noarch                          


Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 8 Daniel Kelly 2018-11-02 06:29:11 UTC
Description of problem:
updated to latest sepolicy in f29 (from f28 upgrade)

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 9 orangeclk 2018-11-02 07:19:33 UTC
Description of problem:
When I start up my computer, the SELinux system give me this message.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 10 Frank OLaughlin 2018-11-02 07:21:59 UTC
Description of problem:
This occurred on boot up 15 seconds after the desktop loads. It occurs each time

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-200.fc28.x86_64
type:           libreport

Comment 11 Kamil Páral 2018-11-02 08:12:20 UTC
Description of problem:
Just logged in after a dnf update.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 12 nuno ferreira 2018-11-02 08:23:34 UTC
Description of problem:
happens every time after login on gnome desktop

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 13 eriklovlie 2018-11-02 08:43:38 UTC
Same happened to me after upgrading from 28 to 29. With so many confirmed reports it would be nice to have someone set the severity and priority and start looking at a fix. Sounds like pretty much all upgrades will encounter this issue (at least my fedora 28 installation was very standard).

Comment 14 tberberick 2018-11-02 10:49:32 UTC
Description of problem:
Received SElinux alert after systemd update.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 15 Warren Lewis 2018-11-02 11:21:28 UTC
Description of problem:
Happened after booting and logging in.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 16 dirk.stiehler 2018-11-02 11:25:14 UTC
*** Bug 1645498 has been marked as a duplicate of this bug. ***

Comment 17 Nicolas Humblot 2018-11-02 12:09:27 UTC
Description of problem:
Alert displayed after login

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 18 Dominik 'Rathann' Mierzejewski 2018-11-02 12:17:19 UTC
Description of problem:
I upgraded F28 to F29 and logged in.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 19 Matt Fagnani 2018-11-02 12:19:14 UTC
The denial of systemd-user-ru reading the directory dbus-1 occurred after "Stopping User Runtime Directory /run/user/955..." in my journal messages. user 955 is lightdm which is the display manager I'm using. I ran the following
1. sudo ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
2. sudo semodule -X 300 -i my-systemduserru.pp
3. Log out of Plasma
4. Log into Plasma

I got the following denials of write and rmdir between systemd-user-ru and dbus-1 in the audit logs

type=AVC msg=audit(1541156610.808:303): avc:  denied  { write } for  pid=2079 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=34729 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0

type=AVC msg=audit(1541156610.816:304): avc:  denied  { rmdir } for  pid=2079 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=34729 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0

After running those four steps again, I got the denial of remove_name between systemd-user-ru and dbus-1 

type=AVC msg=audit(1541157206.303:367): avc:  denied  { remove_name } for  pid=2845 comm="systemd-user-ru" name="services" dev="tmpfs" ino=43444 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0

I saw no further denials when logging out and back in to Plasma and GNOME. Adding the following line to the policy might resolve these denials 
allow init_t session_dbusd_tmp_t:dir { read remove_name rmdir write };

When I logged out of Plasma and ran sudo systemctl stop lightdm then sudo systemctl start gdm from VT2, the gdm service started but gdm didn't appear. The journal messages showed the same denial of systemd-user-ru reading the directory dbus-1. 

The following change in systemd-239-6.git9f3aed1.fc29 might be related to these denials. "Creation of user runtime directories is improved, and the user manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)"
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c402eea18b

Comment 20 Jonathon Poppleton 2018-11-02 12:30:44 UTC
Description of problem:
I opened the skype flatpak for the first time when the selinux error appeared.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 21 Bob John 2018-11-02 13:03:56 UTC
Description of problem:
I've no idea how this happened.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 22 mo 2018-11-02 14:41:40 UTC
*** Bug 1645569 has been marked as a duplicate of this bug. ***

Comment 23 eriklovlie 2018-11-02 15:06:35 UTC
Ok... since that bug is secret but seems resolved (based on the strikethrough style) maybe you can share the workaround or ETA for a yum fix?

Comment 24 David Messent 2018-11-02 15:24:55 UTC
*** Bug 1645592 has been marked as a duplicate of this bug. ***

Comment 25 mauson 2018-11-02 15:57:23 UTC
Description of problem:
après le démarrage
une fois l'écran avec l'arrière plan ouvert

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 26 Dmitry Dyachenko 2018-11-02 16:15:28 UTC
Description of problem:
reboot after upgrade from Fedora 28 to Fedora 29

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 27 Lukas Vrabec 2018-11-02 16:32:49 UTC
*** Bug 1645364 has been marked as a duplicate of this bug. ***

Comment 28 Matt Fagnani 2018-11-02 16:40:37 UTC
eriklovlie@gmail.com, I'm not a Fedora maintainer/developer so I don't have access to #1642460 I'm just guessing from reading through the list of changes at https://bodhi.fedoraproject.org/updates/FEDORA-2018-c402eea18b
based on what I wrote above and the journal message "systemd[1]: Stopped User Manager for UID 955." also occurred right before the denial of systemd-user-ru. Adding the line allow init_t session_dbusd_tmp_t:dir { read remove_name rmdir write }; with semodule as a local policy rule should be a workaround until an official fix is available.

A line I wrote above should have been After running those four steps again, I got the denial of remove_name between systemd-user-ru and the directory services (maybe /run/user/955/services). I ran the part about gdm before I ran the steps involving ausearch and semodule. The journal message "at-spi-bus-launcher[1751]: Failed to launch bus: Failed to execute child process ?/usr/bin/dbus-broker-launch? (No such file or directory)" happened when I tried to start gdm. I installed dbus-broker based on that and that error no longer showed up, but gdm still didn't start the X server properly. The issue with gdm wasn't just the denials related to systemd.

Comment 29 Lukas Vrabec 2018-11-02 16:46:16 UTC
*** Bug 1644783 has been marked as a duplicate of this bug. ***

Comment 30 suyogsuper 2018-11-02 18:19:08 UTC
Description of problem:
ELinux is preventing systemd-user-ru from read access on the directory dbus-1.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-user-ru should be allowed read access on the dbus-1 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                dbus-1 [ dir ]
Source                        systemd-user-ru
Source Path                   systemd-user-ru
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.2-40.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux wealthseeker 4.18.16-300.fc29.x86_64 #1 SMP
                              Sat Oct 20 23:24:08 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2018-11-02 23:24:31 IST
Last Seen                     2018-11-02 23:24:31 IST
Local ID                      829fa64f-1c1d-4ff9-9322-e6797371c97f

Raw Audit Messages
type=AVC msg=audit(1541181271.603:223): avc:  denied  { read } for  pid=1545 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=31623 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0


Hash: systemd-user-ru,init_t,session_dbusd_tmp_t,dir,read

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 31 Matteo Arrighi 2018-11-02 19:02:47 UTC
Description of problem:
I've just upgraded from Fedora 28 to Fedora 29 and every time I boot and then login into my account I receive this SELinux error message. I have done nothing if not upgrade the distro.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 32 Pete Walter 2018-11-02 19:19:51 UTC
Description of problem:
Installed all updates on F29 (updates-testing was enabled) and this error popped up

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 33 jaume 2018-11-02 19:29:55 UTC
Description of problem:
Rendering video in blender

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 34 Kim 2018-11-02 19:56:45 UTC
Description of problem:
Came after upgrading to Fedora 29 and first boot into Fedora 29. I have no idea why. 

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 35 jesus13x 2018-11-02 20:37:39 UTC
*** Bug 1645685 has been marked as a duplicate of this bug. ***

Comment 36 Salvador Ortiz 2018-11-02 21:05:00 UTC
Description of problem:
After a clean upgrade to F29, at first login SELinux Alert browser show this problem.

Version-Release number of selected component:
selinux-policy-(none):3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 37 David Messent 2018-11-02 22:40:39 UTC
I just did a reinstall using the new "UNOFFICIAL" image and after updating and rebooting the selinux warning never appeared. The re-installation also fixed bug 1399811.

Comment 38 Jean-Pierre Rupp 2018-11-02 23:47:58 UTC
*** Bug 1645721 has been marked as a duplicate of this bug. ***

Comment 39 Jonathon Poppleton 2018-11-03 00:06:10 UTC
Description of problem:
Logged in to mate desktop when error appeared

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 40 Nikolaos Perrakis 2018-11-03 00:58:43 UTC
Description of problem:
I had a Fedora Mate Workstation 28 in a VM. After upgrading to Fedora 29 this selinux bug appears after logging in.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 41 revoman 2018-11-03 02:02:49 UTC
Description of problem:
Just upgraded from Fedora 28 to Fedora 29.  

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 42 Ed Greshko 2018-11-03 02:14:11 UTC
I had been running an F29 system that was upgraded to F28 just fine, until today.

I now have this issue after 

   Upgrade  systemd-239-6.git9f3aed1.fc29.x86_64           @updates
   Upgrade  systemd-container-239-6.git9f3aed1.fc29.x86_64 @updates
   Upgrade  systemd-libs-239-6.git9f3aed1.fc29.x86_64      @updates
   Upgrade  systemd-pam-239-6.git9f3aed1.fc29.x86_64       @updates
   Upgrade  systemd-udev-239-6.git9f3aed1.fc29.x86_64      @updates

If I downgrade those packages, it is back to no AVC being generated.

Comment 43 suyogsuper 2018-11-03 03:21:38 UTC
Description of problem:
This problem has ocurred after dnf -y upgrade on Fedora 29.

SELinux is preventing systemd-user-ru from read access on the directory dbus-1.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-user-ru should be allowed read access on the dbus-1 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                dbus-1 [ dir ]
Source                        systemd-user-ru
Source Path                   systemd-user-ru
Port                          <Unknown>
Host                          wealthseeker
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.2-40.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     wealthseeker
Platform                      Linux wealthseeker 4.18.16-300.fc29.x86_64 #1 SMP
                              Sat Oct 20 23:24:08 UTC 2018 x86_64 x86_64
Alert Count                   2
First Seen                    2018-11-02 23:24:31 IST
Last Seen                     2018-11-03 08:46:24 IST
Local ID                      829fa64f-1c1d-4ff9-9322-e6797371c97f

Raw Audit Messages
type=AVC msg=audit(1541214984.368:224): avc:  denied  { read } for  pid=1486 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=29468 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0


Hash: systemd-user-ru,init_t,session_dbusd_tmp_t,dir,read

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 44 Mark Hinterthuer 2018-11-03 06:30:49 UTC
Description of problem:
I was starting my hp laptop Fedora 29 with xfce4 and this error keeps popping up

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 45 Aleksej Shhepilov 2018-11-03 08:14:17 UTC
Description of problem:
have fun

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 46 Ted Rossier 2018-11-03 12:33:20 UTC
Description of problem:
Alert appeared after upgrading to Fedora Workstation 29.  Repeats upon reboot after ignoring.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 47 dzmat 2018-11-03 14:56:50 UTC
Description of problem:
First boot after upgrading f28 -> f29. 
F28 was freshly relabeled using touch /.autorelabel 1 day before upgrading. 

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.i686
type:           libreport

Comment 48 Ash Hughes 2018-11-03 15:28:20 UTC
Description of problem:
login after upgrade to fedora 29

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 49 friedrich.grosse 2018-11-03 17:19:55 UTC
Description of problem:
I upgraded to Fedora 28 and saw this error message after I rebooted the system for the first time.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 50 suyogsuper 2018-11-03 17:20:47 UTC
Description of problem:
SELinux is preventing systemd-user-ru from read access on the directory dbus-1.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-user-ru should be allowed read access on the dbus-1 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                dbus-1 [ dir ]
Source                        systemd-user-ru
Source Path                   systemd-user-ru
Port                          <Unknown>
Host                          WealthSeeker
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.2-40.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     WealthSeeker
Platform                      Linux WealthSeeker 4.18.16-300.fc29.x86_64 #1 SMP
                              Sat Oct 20 23:24:08 UTC 2018 x86_64 x86_64
Alert Count                   6
First Seen                    2018-11-03 21:06:47 IST
Last Seen                     2018-11-03 22:44:06 IST
Local ID                      dde8ef55-638b-45d3-a661-5283edeb7bce

Raw Audit Messages
type=AVC msg=audit(1541265246.660:350): avc:  denied  { read } for  pid=6277 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=81080 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0


Hash: systemd-user-ru,init_t,session_dbusd_tmp_t,dir,read

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 51 xzj8b3 2018-11-03 19:38:20 UTC
Description of problem:
Defaulth 

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 52 Gene Snider 2018-11-03 22:00:06 UTC
Description of problem:
At first boot after using dnf system-upgrade from fc28 to fc29.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 53 jpk8686 2018-11-03 23:30:56 UTC
Description of problem:
This poblem occured simply just but uading from 28 to 29

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 54 Lukas Vrabec 2018-11-04 00:02:14 UTC
*** Bug 1645774 has been marked as a duplicate of this bug. ***

Comment 55 Lukas Vrabec 2018-11-04 00:20:32 UTC
Hi All, 

It looks like I found workaround here, it works for me but could you please test it? 

# semanage fcontext -a -t systemd_logind_exec_t /usr/lib/systemd/systemd-user-runtime-dir
# restorecon -v /usr/lib/systemd/systemd-user-runtime-dir

It fixed my rawhide, if somebody confirm that it fixing your systems, I'll create selinux-policy updates ASAP.

Comment 56 Ed Greshko 2018-11-04 00:41:18 UTC
(In reply to Lukas Vrabec from comment #55)


I've just tested in an F29 VM and it has fixed the issue for me.

Comment 57 Salvador Ortiz 2018-11-04 01:28:54 UTC
(In reply to Lukas Vrabec from comment #55)

The change indeed fixed the issue in my F29

Thanks.

Comment 58 Lastiko33 2018-11-04 01:31:48 UTC

(In reply to Lukas Vrabec from comment #55)

Same for Me. The change indeed fixed the issue in my F29

Thanks.

Comment 59 Al O 2018-11-04 01:43:12 UTC
Description of problem:
This happened at login (KDE)

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 60 Matthew Taylor 2018-11-04 03:13:27 UTC
Description of problem:
Logged in, then opened the Terminal application.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 61 Christian Kujau 2018-11-04 03:19:00 UTC
Description of problem:
After upgrading from F28 to F29, this alert is displayed right after logging in to Gnome. Example from the boot log:



# sealert -l 06716cca-0d0b-4668-b50e-1804c85081f1
/usr/bin/sealert:32: DeprecationWarning: Importing dbus.glib to use the GLib main loop with dbus-python is deprecated.
Instead, use this sequence:

    from dbus.mainloop.glib import DBusGMainLoop

    DBusGMainLoop(set_as_default=True)

  import dbus.glib
SELinux is preventing systemd-user-ru from read access on the directory dbus-1.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-user-ru should be allowed read access on the dbus-1 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp


Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                dbus-1 [ dir ]
Source                        systemd-user-ru
Source Path                   systemd-user-ru
Port                          <Unknown>
Host                          horus
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.2-40.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     horus
Platform                      Linux horus 4.18.16-300.fc29.x86_64 #1 SMP Sat Oct
                              20 23:24:08 UTC 2018 x86_64 x86_64
Alert Count                   1
First Seen                    2018-11-03 20:06:35 PDT
Last Seen                     2018-11-03 20:06:35 PDT
Local ID                      06716cca-0d0b-4668-b50e-1804c85081f1

Raw Audit Messages
type=AVC msg=audit(1541300795.811:331): avc:  denied  { read } for  pid=2860 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=43189 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0


Hash: systemd-user-ru,init_t,session_dbusd_tmp_t,dir,read


Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 62 Emre Döner 2018-11-04 04:41:50 UTC
Description of problem:
Happens every boot

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 63 j2pnet 2018-11-04 07:39:58 UTC
Description of problem:
in opening my user environnement

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 64 raynaud 2018-11-04 08:02:47 UTC
Description of problem:
At boot.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 65 Matus 2018-11-04 09:49:43 UTC
Description of problem:
i have no idea what coused the problem, i am not very skilled linux user, i even do not know if it is a bug or what is it, hope it helps.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 66 Lukas Vrabec 2018-11-04 10:05:47 UTC
commit 004021c7803c138cada8d7f97d96fcd03d7650e3 (HEAD -> f29, origin/f29)
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Sun Nov 4 01:41:29 2018 +0100

    Label systemd-user-runtime-dir binary as systemd_logind_exec_t BZ(1644313)

Comment 67 Fedora Update System 2018-11-04 10:06:58 UTC
selinux-policy-3.14.2-41.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-506e97bb9b

Comment 68 Lukas Vrabec 2018-11-04 10:08:30 UTC
*** Bug 1645838 has been marked as a duplicate of this bug. ***

Comment 69 Lukas Vrabec 2018-11-04 10:21:13 UTC
*** Bug 1645819 has been marked as a duplicate of this bug. ***

Comment 70 Lukas Vrabec 2018-11-04 10:21:15 UTC
*** Bug 1613635 has been marked as a duplicate of this bug. ***

Comment 71 Lucas 2018-11-04 12:48:37 UTC
*** Bug 1645858 has been marked as a duplicate of this bug. ***

Comment 72 mathieu.tarral 2018-11-04 15:32:54 UTC
Description of problem:
this SELinux alert opens everytime I log into my desktop, Gnome/Plasma/MATE/Cinnamon
100% reproducible

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-200.fc28.x86_64
type:           libreport

Comment 73 Mohamed Baig 2018-11-04 17:35:15 UTC
Description of problem:
just logged in

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 74 Lukas Vrabec 2018-11-04 20:20:28 UTC
*** Bug 1645914 has been marked as a duplicate of this bug. ***

Comment 75 fabio.pellicano 2018-11-04 20:58:36 UTC
Description of problem:
At system startup


Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 76 Michael Erwin 2018-11-04 23:06:19 UTC
(In reply to Lukas Vrabec from comment #55)
> Hi All, 
> 
> It looks like I found workaround here, it works for me but could you please
> test it? 
> 
> # semanage fcontext -a -t systemd_logind_exec_t
> /usr/lib/systemd/systemd-user-runtime-dir
> # restorecon -v /usr/lib/systemd/systemd-user-runtime-dir
> 
> It fixed my rawhide, if somebody confirm that it fixing your systems, I'll
> create selinux-policy updates ASAP.

Lukas, that fixed my upgraded F26>F27>F28>F29 workstation. As well as my various QA F29 environments. That is a good fix Sir.

Comment 77 Fedora Update System 2018-11-05 04:19:16 UTC
selinux-policy-3.14.2-41.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-506e97bb9b

Comment 78 Doncho Gunchev 2018-11-05 10:15:41 UTC
Description of problem:
I just updated the system (dnf update --exclude dstat) and rebooted. After logging in to KDE I got this message. It appeared on my PC and my Laptop also.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 79 jasuarez 2018-11-05 10:34:48 UTC
Description of problem:
This happens when I log into gnome desktop.

Upgraded from F28 to F29.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 80 Doncho Gunchev 2018-11-05 10:38:06 UTC
selinux-policy-3.14.2-41.fc29.noarch fixes the problem, sorry for the noise.

Comment 81 Айфф 2018-11-05 18:04:50 UTC
Description of problem:
Updated from Fedora 28 to Fedora 29.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 82 dan 2018-11-05 18:24:31 UTC
Description of problem:
Review of journal after reboot showed this error.  It seems to occur after
dbus-daemon[987]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.27' 

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 83 xzj8b3 2018-11-05 18:50:43 UTC
Description of problem:
defaulth

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 84 Peter Stevens 2018-11-05 18:55:30 UTC
Description of problem:
used dnf to upgrade from 28 to 29, then installed kernel update, then selinux alert occurred on reboot.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.16.12-300.fc28.x86_64+debug
type:           libreport

Comment 85 Sjoerd Mullender 2018-11-05 19:07:48 UTC
Description of problem:
I rebooted, logged in, and then saw this alert.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 86 CreativeWay 2018-11-05 21:58:06 UTC
*** Bug 1646725 has been marked as a duplicate of this bug. ***

Comment 87 Richard L. England 2018-11-06 01:02:39 UTC
Description of problem:
Added a largish set of updates via dnfdragora and this error occured after a reboot.


Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 88 Gene Snider 2018-11-06 02:28:33 UTC
Installed Packages
selinux-policy.noarch                    3.14.2-42.fc29            @@commandline
selinux-policy-devel.noarch              3.14.2-42.fc29            @@commandline
selinux-policy-targeted.noarch           3.14.2-42.fc29            @@commandline

These packages from koji fixed this for me.

Gene

Comment 89 charles profitt 2018-11-06 03:11:37 UTC
selinux-policy-3.14.2-41.fc29 resolves the issue for me.

Comment 90 Frans Filasta Pratama 2018-11-06 08:10:34 UTC
Description of problem:
This problem happen immidiately after booting to Fedora 29. 


Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 91 Nikita Bige 2018-11-06 11:00:59 UTC
*** Bug 1646939 has been marked as a duplicate of this bug. ***

Comment 92 Isaque Galdino 2018-11-06 13:12:02 UTC
Description of problem:
This problem happens every time a login to my GNOME session in Fedora 29. Fedora 28 was fine.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 93 Alan Conway 2018-11-06 14:29:06 UTC
Description of problem:
Started happening after upgrade fedora 28->29 using default "Software" app online upgrade.
Alert on each login.
Tried `fixfiles reboot`, still occurs.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 94 pimou 2018-11-06 14:48:00 UTC
Description of problem:
Since update to Fedora 29

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 95 Lukas Vrabec 2018-11-06 17:46:41 UTC
*** Bug 1647121 has been marked as a duplicate of this bug. ***

Comment 96 Farley 2018-11-06 18:04:54 UTC
*** Bug 1647138 has been marked as a duplicate of this bug. ***

Comment 97 Andrew J. Caines 2018-11-06 19:43:24 UTC
Description of problem:
Log into Gnome desktop after upgrading Fedora 28 to 29.


Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 98 PeterVDanies 2018-11-06 20:02:41 UTC
Description of problem:
During a OS upgrade to 29 from 28

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 99 Rogers 2018-11-06 22:17:49 UTC
Description of problem:
Booted on Fedora KDE Spin 29 Bug occured imediantly.  

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 100 Fedora Update System 2018-11-07 02:40:58 UTC
selinux-policy-3.14.2-41.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 101 Ken Sugawara 2018-11-07 06:06:27 UTC
Description of problem:
it happens during system startup

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 102 Martijn Kruiten 2018-11-07 11:13:40 UTC
Description of problem:
This happens after every boot.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 103 Maxim Prohorenko 2018-11-07 12:14:42 UTC
Description of problem:
Reboot
Login to KDE
Error


Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 104 Lassi Ylikojola 2018-11-07 13:08:15 UTC
I'm getting:
dnf search -v selinux-policy |grep 3.14
Provide    : selinux-policy = 3.14.2-40.fc29

And not selinux-policy-3.14.2-41.fc29

Maybe we have to wait.

(In reply to Fedora Update System from comment #100)
> selinux-policy-3.14.2-41.fc29 has been pushed to the Fedora 29 stable
> repository. If problems still persist, please make note of it in this bug
> report.

Comment 105 Martijn Kruiten 2018-11-07 14:45:35 UTC
dnf --enablerepo=updates-testing update selinux-policy

That should do the trick. Otherwise wait for it to hit the updates repository.

Comment 106 Brian Lane 2018-11-07 16:38:12 UTC
Description of problem:
Running my XFCE desktop. No idea what triggers it.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 107 raynaud 2018-11-07 16:47:43 UTC
(In reply to raynaud from comment #64)
> Description of problem:
> At boot.
> 
> Version-Release number of selected component:
> selinux-policy-3.14.2-40.fc29.noarch
> 
> Additional info:
> reporter:       libreport-2.9.6
> hashmarkername: setroubleshoot
> kernel:         4.18.16-300.fc29.x86_64
> type:           libreport

Solved after the update to 3.14.2-41.fc29

Comment 108 Marko Bevc 2018-11-07 16:54:58 UTC
Same here +1

Comment 109 Douglas Campbell 2018-11-09 04:02:08 UTC
Description of problem:
xfce click on "activities"

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 110 Conrad Thompson Jr 2018-11-10 22:08:53 UTC
Description of problem:
Just opened my laptop from being in sleep for a couple of days and got this error 

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 111 Mohamed Baig 2018-11-11 16:22:07 UTC
Description of problem:
just started my computer

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.17-300.fc29.x86_64
type:           libreport

Comment 112 Keith Bennett 2018-11-14 00:02:15 UTC
Description of problem:
* Not 100% sure which packages were installed but this is a fresh installation of Fedora 29 Cinnamon spin
* AVC denial message pops up as soon as I log in and the window manager starts.

I assume that some package which was installed does not play nice with SELinux even in its default configuration.

Version-Release number of selected component:
selinux-policy-3.14.2-41.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 113 Johnny 2018-11-14 17:02:38 UTC
Description of problem:
Error appeared after an OS upgrade.

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 114 Brian J. Murrell 2018-11-22 16:16:20 UTC
Description of problem:
Not sure how this happened

Version-Release number of selected component:
selinux-policy-3.14.2-40.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.19.2-301.fc29.x86_64
type:           libreport

Comment 115 Akarshan Biswas 2018-11-28 07:25:04 UTC
Description of problem:
Steps to Reproduce:

1)Boot up Fedora KDE spin
2)See this Selinux problem everytime.

Frequency of occurance:
 Everytime on boot.


Version-Release number of selected component:
selinux-policy-3.14.2-42.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.19.3-300.fc29.x86_64
type:           libreport

Comment 116 Jan T. 2018-11-29 02:32:37 UTC
Description of problem:
Problem se vyskytl hned po startu systemu.
Zadna aplikace jeste nebezi.

Version-Release number of selected component:
selinux-policy-3.14.2-42.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.19.2-301.fc29.x86_64
type:           libreport

Comment 117 Jeremy Petersen 2018-12-06 19:53:10 UTC
This is still occurring with a fresh install of FC29, with (the latest) selinux-policy-3.14.2-42.fc29 installed. Why has this been closed?

Is there some manual step that needs to be taken to clear it up?

Comment 118 Matt Fagnani 2018-12-07 16:51:14 UTC
(In reply to Jeremy Petersen from comment #117)
> This is still occurring with a fresh install of FC29, with (the latest)
> selinux-policy-3.14.2-42.fc29 installed. Why has this been closed?
> 
> Is there some manual step that needs to be taken to clear it up?

This entry was closed because selinux-policy-3.14.2-41.fc29 was pushed to stable as shown in comment 100 above. If systemd-239-6.git9f3aed1 were upgraded after selinux-policy-3.14.2-42 on a system, then /usr/lib/systemd/systemd-user-runtime-dir might have been mislabelled init_t instead of systemd_logind_exec_t. Running the following lines as root suggested by Lukas Vrabec in comment 55 should resolve the denial.

# semanage fcontext -a -t systemd_logind_exec_t /usr/lib/systemd/systemd-user-runtime-dir
# restorecon -v /usr/lib/systemd/systemd-user-runtime-dir

Comment 119 Karel Volný 2018-12-10 08:50:28 UTC
Description of problem:
This is clean installation. I got this error after first login ...

Version-Release number of selected component:
selinux-policy-3.14.2-42.fc29.noarch

Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.19.6-300.fc29.x86_64
type:           libreport

Comment 120 Karel Volný 2018-12-10 08:59:45 UTC
(In reply to Jeremy Petersen from comment #117)
> This is still occurring with a fresh install of FC29, with (the latest)
> selinux-policy-3.14.2-42.fc29 installed. Why has this been closed?

I second the question

this happened to me on clean netinstall = with updates already pulled in

so this obviously is NOT fixed in those packages (selinux-policy-3.14.2-42.fc29.noarch, systemd-239-6.git9f3aed1.fc29.x86_64)

Comment 121 Jeremy Petersen 2018-12-10 16:30:10 UTC
FYI... running the commands included by Matt above in comment 118 (originally by Lukas Vrabec in comment 55) as root corrected the issue for me on the latest packages. 

Why this is still necessary to do on a fresh netinstall image is the remaining question though. This was the case for me as well. Running these commands manually following a fresh netinstall should obviously not be necessary. 

Thanks for the information on the commands. Please correct this permanently for the netinstall image.

Comment 122 Matt Fagnani 2018-12-10 20:45:30 UTC
Karel and Jeremy, if the netinstall image contained systemd-239-3 and selinux-policy-3.14.2-40 from the time F29 was released, and then during the installation or upgrade dnf upgraded systemd-239-6.git9f3aed1 after selinux-policy-3.14.2-42, then /usr/lib/systemd/systemd-user-runtime-dir might have been mislabelled init_t instead of systemd_logind_exec_t. I'm guessing that systemd might need to be updated so that /usr/lib/systemd/systemd-user-runtime-dir has the systemd_logind_exec_t label, so I'm reassigning this entry to systemd. Could the systemd maintainers set the /usr/lib/systemd/systemd-user-runtime-dir label to system_u:object_r:systemd_logind_exec_t:s0 if it isn't already and they think that would be appropriate? Thanks.

Comment 123 Lukas Vrabec 2018-12-12 13:00:09 UTC
Hi, 

/usr/lib/systemd/systemd-user-runtime-dir is already labeled as systemd_logind_exec_t and this bugs should be fixed. So I'm not sure that is the problem here.

Comment 124 Matt Fagnani 2018-12-14 23:24:21 UTC
(In reply to Lukas Vrabec from comment #123)
> Hi, 
> 
> /usr/lib/systemd/systemd-user-runtime-dir is already labeled as
> systemd_logind_exec_t and this bugs should be fixed. So I'm not sure that is
> the problem here.

Lukas, is it possible that the part of selinux-policy-3.14.2-42 that labels /usr/lib/systemd/systemd-user-runtime-dir as systemd_logind_exec_t wasn't run during the netinstalls that Karel and Jeremy did? If that happened, then the label of /usr/lib/systemd/systemd-user-runtime-dir might have remained init_t. I'm guessing that /usr/lib/systemd/systemd-user-runtime-dir was labelled init_t in Karel and Jeremy's cases since they said the same denial happened for them and Karel's report in comment 119 appeared to match this report using setroubleshooter. Could Karel and Jeremy check what the audit messages for the denials they reported were and the journal messages using journalctl and /var/log/dnf.log from when they did the netinstalls to see if dnf upgraded systemd-239-6.git9f3aed1 after selinux-policy-3.14.2-42 or not? 

If the systemd packages were updated to run the semanage and restorecon commands that Lukas wrote in comment 55 on /usr/lib/systemd/systemd-user-runtime-dir before the package was created or in an appropriate scriptlet, it might make sure that systemd-user-runtime-dir is labelled systemd_logind_exec_t in the cases that the systemd update reverted the label to init_t or the selinux-policy package part that labels systemd-user-runtime-dir as systemd_logind_exec_t wasn't run properly. A selinux-policy package update might be a more direct way to address this issue if the part that labels systemd-user-runtime-dir as systemd_logind_exec_t wasn't run properly during the netinstall process.

Comment 125 algus.dark 2019-01-08 15:16:54 UTC
Description of problem:
Everytime I turn on the PC, this is the message I have.
My graphic video card is RTX2080

Version-Release number of selected component:
selinux-policy-3.14.2-44.fc29.noarch

Additional info:
reporter:       libreport-2.9.7
hashmarkername: setroubleshoot
kernel:         4.19.13-300.fc29.x86_64
type:           libreport

Comment 126 Ahmed 2019-01-17 16:41:05 UTC
Description of problem:
After updating Selinux with full update   dnf update

Version-Release number of selected component:
selinux-policy-3.14.2-46.fc29.noarch

Additional info:
reporter:       libreport-2.9.7
hashmarkername: setroubleshoot
kernel:         4.19.15-300.fc29.x86_64
type:           libreport

Comment 127 Ahmed 2019-01-18 20:03:00 UTC
Description of problem:
Every time on reboot

Version-Release number of selected component:
selinux-policy-3.14.2-47.fc29.noarch

Additional info:
reporter:       libreport-2.9.7
hashmarkername: setroubleshoot
kernel:         4.19.15-300.fc29.x86_64
type:           libreport

Comment 128 Ahmed 2019-01-23 12:21:14 UTC
Description of problem:
Today made SElinux policies update  dnf update, however the error still occures

Version-Release number of selected component:
selinux-policy-3.14.2-47.fc29.noarch

Additional info:
reporter:       libreport-2.9.7
hashmarkername: setroubleshoot
kernel:         4.20.3-200.fc29.x86_64
type:           libreport

Comment 129 Karel Volný 2019-01-24 14:07:37 UTC
(In reply to Matt Fagnani from comment #124)
> Could Karel and Jeremy check what the audit
> messages for the denials they reported were and the journal messages using
> journalctl and /var/log/dnf.log from when they did the netinstalls to see if
> dnf upgraded systemd-239-6.git9f3aed1 after selinux-policy-3.14.2-42 or not? 

unfortunately, I don't have that system available any longer to inspect the logs

what I can say is that I've installed another machine recently and I'm not getting any such errors - has anything changed over the Christmas?

but according #c125 and #c126 some people still see that ... strange

Comment 130 Alastair Surin 2019-01-26 00:36:02 UTC
Description of problem:
Computer booted up, logged in from GDM

Version-Release number of selected component:
selinux-policy-3.14.2-47.fc29.noarch

Additional info:
reporter:       libreport-2.9.7
hashmarkername: setroubleshoot
kernel:         4.20.3-200.fc29.x86_64
type:           libreport

Comment 131 Matt Fagnani 2019-01-26 01:20:46 UTC
(In reply to Karel Volný from comment #129)
> unfortunately, I don't have that system available any longer to inspect the
> logs
> 
> what I can say is that I've installed another machine recently and I'm not
> getting any such errors - has anything changed over the Christmas?
> 
> but according #c125 and #c126 some people still see that ... strange

Karel, there were selinux-policy-3.14.2-44 through 3.14.2-47 and systemd-239-7.git9f3aed1 to 239-9.gite339eae updates submitted though I don't see anything related to systemd-user-runtime-dir in their changelogs at https://koji.fedoraproject.org/koji/buildinfo?buildID=1179987
https://koji.fedoraproject.org/koji/buildinfo?buildID=1182110

I guess that the continued reports of this error are due to systemd-user-runtime-dir being mislabelled init_t for some reason such as those I previously mentioned in comment 122 and comment 124. If anyone who still sees this denial could check their audit, journal, and dnf logs to see if there were errors when selinux-policy or systemd packages were upgraded or if systemd was upgraded after selinux-policy, that information might help to find the reason for the continuing denials.

Comment 132 Michael H 2019-01-27 15:08:52 UTC
Description of problem:
Just after my session loggin.

At every time my system ask my to type the password for Nextcloud (possible little issue with the polkit ?)

I suppose it is linked... I do anything in same time. The issue coming just after the boot when I type my password for Nextcloud...

Version-Release number of selected component:
selinux-policy-3.14.2-47.fc29.noarch

Additional info:
reporter:       libreport-2.9.7
hashmarkername: setroubleshoot
kernel:         4.20.3-200.fc29.x86_64
type:           libreport

Comment 133 Anton Maklakov 2019-02-17 16:27:35 UTC
Description of problem:
Fedora Server 29 Netinstall was installed as KDE Workspace + KDE Applications

Version-Release number of selected component:
selinux-policy-3.14.2-48.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         4.20.8-200.fc29.x86_64
type:           libreport

Comment 134 Andrew Zabolotny 2019-02-17 16:34:03 UTC
(In reply to Lukas Vrabec from comment #55)

> It looks like I found workaround here, it works for me but could you please
> test it? 
> 
> # semanage fcontext -a -t systemd_logind_exec_t
> /usr/lib/systemd/systemd-user-runtime-dir
> # restorecon -v /usr/lib/systemd/systemd-user-runtime-dir
> 
> It fixed my rawhide, if somebody confirm that it fixing your systems, I'll
> create selinux-policy updates ASAP.
I can confirm this fixes the SELinux denial and the following popup.

However, it looks like systemd-user-runtime-dir is broken somehow.
After allowing it to write to my home directory, I have directories with random names being created in my home directory every time I log in.
And it doesn't look like an encoding problem, since those random directory names contain latin characters and digits.
I'm not sure if I should open a new bugreport, or this can be fixed right here.
My system-wide language setting is Russian and encoding is UTF-8.

P.S. Same happened after I "fixed" systemd-user-runtime-dir as the error popup suggests it (e.g. creating a custom .pp file and installing it).

Comment 135 Anton Maklakov 2019-02-17 16:49:50 UTC
Description of problem:
Just after install Fedora 29 Server Netinstall with KDE Workspace + KDE Applications. After login

Version-Release number of selected component:
selinux-policy-3.14.2-48.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         4.20.8-200.fc29.x86_64
type:           libreport

Comment 136 Anton Maklakov 2019-02-17 18:31:01 UTC
Description of problem:
After login to the fresh installation of Fedora 29 Server Netinstall with KDE Workspace

Version-Release number of selected component:
selinux-policy-3.14.2-48.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         4.20.8-200.fc29.x86_64
type:           libreport

Comment 137 Matt Fagnani 2019-02-17 21:45:44 UTC
Andrew, the directories with random names being created might be due to an issue with abrt 2.11.1-2 as described at https://bugzilla.redhat.com/show_bug.cgi?id=1665740 
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b5c308118f
Updating to the latest abrt-2.12.0-2.fc29 packages should stop those random directories from being created. The random directories can be removed.

Anton, since you used a F29 netinstall image as did Karel in comment 120 and Jeremy in comment 121, these continued denials might be related to the F29 netinstall images and/or upgrading from them. Could anyone who still sees these denials mention if they used a F29 netinstall image? The output of ls -lZ /usr/lib/systemd/systemd-user-runtime-dir and the full audit message of the denial might also be informative. Running the commands suggested by Lukas in comment 55 relabels /usr/lib/systemd/systemd-user-runtime-dir to systemd_logind_exec_t and should stop these denials.

Comment 138 Thomas Wright 2019-02-18 16:21:01 UTC
Description of problem:
SELinux error on bootup after update.


Additional info:
reporter:       libreport-2.9.6
hashmarkername: setroubleshoot
kernel:         4.18.16-300.fc29.x86_64
type:           libreport

Comment 139 Shad Van Den Hul 2019-02-20 00:44:26 UTC
(In reply to Matt Fagnani from comment #137)
> Andrew, the directories with random names being created might be due to an
> issue with abrt 2.11.1-2 as described at
> https://bugzilla.redhat.com/show_bug.cgi?id=1665740 
> https://bodhi.fedoraproject.org/updates/FEDORA-2019-b5c308118f
> Updating to the latest abrt-2.12.0-2.fc29 packages should stop those random
> directories from being created. The random directories can be removed.
> 
> Anton, since you used a F29 netinstall image as did Karel in comment 120 and
> Jeremy in comment 121, these continued denials might be related to the F29
> netinstall images and/or upgrading from them. Could anyone who still sees
> these denials mention if they used a F29 netinstall image? The output of ls
> -lZ /usr/lib/systemd/systemd-user-runtime-dir and the full audit message of
> the denial might also be informative. Running the commands suggested by
> Lukas in comment 55 relabels /usr/lib/systemd/systemd-user-runtime-dir to
> systemd_logind_exec_t and should stop these denials.

I just recently did a Netinstall (Cinnamon) and getting these errors.

# ls -lZ /usr/lib/systemd/systemd-user-runtime-dir
-rwxr-xr-x. 1 root root system_u:object_r:systemd_logind_exec_t:s0 20200 Feb  8 02:09 /usr/lib/systemd/systemd-user-runtime-dir

Though I have already ran the fix commands.
SELinux is preventing systemd-user-ru from remove_name access on the directory services.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-user-ru should be allowed remove_name access on the services directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Additional Information:
Source Context                system_u:system_r:init_t:s0
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                services [ dir ]
Source                        systemd-user-ru
Source Path                   systemd-user-ru
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.2-48.fc29.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 4.20.8-200.fc29.x86_64
                              #1 SMP Wed Feb 13 13:08:05 UTC 2019 x86_64 x86_64
Alert Count                   2
First Seen                    2019-02-16 21:23:11 CST
Last Seen                     2019-02-19 18:15:08 CST
Local ID                      b6e1c91d-f1d5-4b57-94e9-81d1bd97f0b1

Raw Audit Messages
type=AVC msg=audit(1550621708.581:238): avc:  denied  { remove_name } for  pid=2339 comm="systemd-user-ru" name="services" dev="tmpfs" ino=31871 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0


Hash: systemd-user-ru,init_t,session_dbusd_tmp_t,dir,remove_name

Comment 140 Freddy Taborda 2019-02-27 03:33:30 UTC
*** Bug 1683505 has been marked as a duplicate of this bug. ***

Comment 141 C L 2019-03-03 12:27:23 UTC
I know I'm late to the game.  I fell into this same problem while I was assessing the rolling out of a F29 deployment.

My testing environment consists of a VM with https://download.fedoraproject.org/pub/fedora/linux/releases/29/Everything/x86_64/iso/Fedora-Everything-netinst-x86_64-29-1.2.iso and a kickstart configuration to download and install the latest packages from the "updates" repo.

For reference, installed relevant packages:
selinux-policy.noarch                       3.14.2-49.fc29                     @updates     
selinux-policy-targeted.noarch              3.14.2-49.fc29                     @updates     
systemd.x86_64                              239-12.git8bca462.fc29             @updates     

# ls -lZ /usr/lib/systemd/systemd-user-runtime-dir
-rwxr-xr-x. 1 root root system_u:object_r:init_exec_t:s0 20200 Feb 21 00:51 /usr/lib/systemd/systemd-user-runtime-dir

# ausearch -c 'systemd-user-ru'
----
time->Sun Mar  3 19:21:56 2019
type=AVC msg=audit(1551612116.185:419): avc:  denied  { read } for  pid=28198 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=27007 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0
----
time->Sun Mar  3 19:44:06 2019
type=AVC msg=audit(1551613446.361:728): avc:  denied  { read } for  pid=3009 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=25001 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0
----
time->Sun Mar  3 19:44:39 2019
type=AVC msg=audit(1551613479.577:767): avc:  denied  { read } for  pid=3094 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=32482 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0
----
time->Sun Mar  3 19:45:00 2019
type=AVC msg=audit(1551613500.982:786): avc:  denied  { read } for  pid=3700 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=30764 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0

If there is any more info I can provide to help pinpoint the nature of the problem then do reach out.

Comment 142 Matt Fagnani 2019-03-03 20:38:49 UTC
Shad and C L, since your audit messages have /usr/lib/systemd/systemd-user-runtime-dir originally labelled as init_t as I and others saw with selinux-policy-3.14.2-40, and https://download.fedoraproject.org/pub/fedora/linux/releases/29/Everything/x86_64/iso/Fedora-Everything-netinst-x86_64-29-1.2.iso was last modified 2018-10-24, I guess that the F29 netinstall images haven't been updated from the time of the F29 release around the end of October. I suppose that /usr/lib/systemd/systemd-user-runtime-dir might not be relabelled from init_t to systemd_logind_exec_t when updating selinux-policy from the netinstall images for some unknown reason. Searching the output of commands like the following for errors involving the selinux-policy or systemd images being updated for the date when the netinstall and the first update were done might help to identify the reason:
journalctl --since 2019-02-01
sudo ausearch -ts 2019-02-01 | less
sudo less /var/log/dnf.log

C L, running the commands suggested by Lukas in comment 55 relabels /usr/lib/systemd/systemd-user-runtime-dir to systemd_logind_exec_t and should stop these denials. Those commands could be run in a script when you do each installation.

If the F29 netinstall images were rebuilt to have selinux-policy-3.14.2-49 at least if not the other latest stable rpms, then these denials might not occur for those using them for new installations. I don't know if the release netinstall images are allowed to be rebuilt. If the release engineering maintainers were contacted, they might be able to assess this issue and whether rebuilding the F29 netinstall images would be appropriate. I'm not sure who to contact in release engineering. If anyone knows who to contact, please let me know or cc them. Thanks.

Comment 143 Samuel Sieb 2019-03-03 21:13:12 UTC
Release images are never rebuilt.  There are unofficial respins of some (one?) live images, but that's all.
However, since the netinstall is installing from updates, I don't understand why there's a problem.  It should be using the fixed packages.

Comment 144 Matt Fagnani 2019-03-03 23:27:40 UTC
Samuel, thanks for clarifying that issue for me. If the commands suggested by Lukas in comment 55 were added to an appropriate selinux-policy (or systemd) scriptlet, then they might relabel /usr/lib/systemd/systemd-user-runtime-dir to systemd_logind_exec_t for the netinstalls once the update gets to the updates repo. I suggested something like that in comment 124, but I didn't see such a change tried.

Comment 145 Joel Torvalds 2019-03-04 13:56:08 UTC
Description of problem:
so i just installed Fedora 29 and this pops up and when you allow a local policy more setroubleshoot alerts

Version-Release number of selected component:
selinux-policy-3.14.2-49.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         4.20.13-200.fc29.x86_64
type:           libreport

Comment 146 Darryl B 2019-03-12 15:43:52 UTC
Description of problem:
Booting Fedora under the Parallels hypervisor.

Version-Release number of selected component:
selinux-policy-3.14.2-49.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         4.20.13-200.fc29.x86_64
type:           libreport

Comment 147 ricky.tigg 2019-03-27 12:02:55 UTC
Description of problem:
OS has just been installed using original network installation media then started.

Version-Release number of selected component:
selinux-policy-3.14.2-51.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         5.0.3-200.fc29.x86_64
type:           libreport

Comment 148 Marco Carlo Feliciano 2019-03-31 11:34:51 UTC
Description of problem:
It verifies everytime at the boot.

Version-Release number of selected component:
selinux-policy-3.14.2-51.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         5.0.4-200.fc29.x86_64
type:           libreport

Comment 149 René Kristensen 2019-04-03 08:22:46 UTC
*** Bug 1695487 has been marked as a duplicate of this bug. ***

Comment 150 SriramaKumar Vishnubhotla 2019-04-05 06:57:00 UTC
Description of problem:
Fresh install with KDE Plasma + Extras. Problem repeats on every startup. Accompanied by this message: "We're sorry, it looks like BOOT_IMAGE=/vmlinuz-5.0.5-200.fc29.x86_64 crashed. Please contact the developer if you want to report the issue. 
We're sorry, it looks like /usr/bin/python3 crashed. Please contact the developer if you want to report the issue."

Version-Release number of selected component:
selinux-policy-3.14.2-51.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         5.0.5-200.fc29.x86_64
type:           libreport

Comment 151 Milan Kerslager 2019-04-14 10:01:39 UTC
Description of problem:
Fresh Fedora 29 install (Xfce), system is up-to-date

Version-Release number of selected component:
selinux-policy-3.14.2-53.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         5.0.7-200.fc29.x86_64
type:           libreport

Comment 152 Dheerendra Pal Singh 2019-04-20 10:29:07 UTC
Description of problem:
Started the computer.
Logged in at GUI.
Connected BroadBand Cellular Modem to AirTel.

Version-Release number of selected component:
selinux-policy-3.14.2-54.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         5.0.7-200.fc29.x86_64
type:           libreport

Comment 153 jeffj1101 2019-05-02 21:27:22 UTC
Fedora 29, I got this error as well, identified through running. grep "denied" /var/log/audit/audit.log

type=AVC msg=audit(1556820258.900:231): avc:  denied  { read } for  pid=1877 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=35162 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0

selinux-policy.noarch             3.14.2-54.fc29                                                                
selinux-policy-targeted.noarch    3.14.2-54.fc29 

Kernel :  5.0.9-200.fc29.x86_64

Comment 154 jeffj1101 2019-05-02 21:40:06 UTC
(In reply to jeffj1101 from comment #153)
> Fedora 29, I got this error as well, identified through running. grep
> "denied" /var/log/audit/audit.log
> 
> type=AVC msg=audit(1556820258.900:231): avc:  denied  { read } for  pid=1877
> comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=35162
> scontext=system_u:system_r:init_t:s0
> tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0
> 
> selinux-policy.noarch             3.14.2-57.fc29                            
> 
> selinux-policy-targeted.noarch    3.14.2-57.fc29 
> 
> Kernel :  5.0.9-200.fc29.x86_64

The following commands did not help:
 semanage fcontext -a -t systemd_logind_exec_t /usr/lib/systemd/systemd-user-runtime-dir
 restorecon -v /usr/lib/systemd/systemd-user-runtime-dir

Comment 155 Milan Kerslager 2019-06-09 19:20:34 UTC
Description of problem:
Machine boot after update

Version-Release number of selected component:
selinux-policy-3.14.2-59.fc29.noarch

Additional info:
reporter:       libreport-2.10.0
hashmarkername: setroubleshoot
kernel:         5.1.6-200.fc29.x86_64
type:           libreport

Comment 156 Lukas Vrabec 2019-07-29 15:41:02 UTC
Fixes backported also to F29:

commit 5ab72356a64a4da93c3b95f8f75f51c8ce1398d6 (HEAD -> f29, origin/f29)
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Fri May 17 23:16:50 2019 +0200

    Allow init_t to manage session_dbusd_tmp_t dirs


https://github.com/fedora-selinux/selinux-policy/commit/5ab72356a64a4da93c3b95f8f75f51c8ce1398d6

Comment 157 Fedora Update System 2019-08-02 07:50:06 UTC
FEDORA-2019-b51794f502 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b51794f502

Comment 158 Fedora Update System 2019-08-03 02:02:08 UTC
selinux-policy-3.14.2-64.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b51794f502

Comment 159 Fedora Update System 2019-08-18 01:56:20 UTC
selinux-policy-3.14.2-64.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.