Description of problem: I get thousands (?) of those per second: Nov 18 10:59:50 rpi3 audit[752]: USER_AVC pid=752 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.resolve1.Manager member=ResolveHostname dest=org.freedesktop.resolve1 spid=19642 tpid=1308 scontext=system_u:system_r:pcp_pmie_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_resolved_t:s0 tclass=dbus permissive=0 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' Nov 18 10:59:50 rpi3 audit[752]: USER_AVC pid=752 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.resolve1.Manager member=ResolveHostname dest=org.freedesktop.resolve1 spid=19642 tpid=1308 scontext=system_u:system_r:pcp_pmie_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_resolved_t:s0 tclass=dbus permissive=0 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' Version-Release number of selected component (if applicable): selinux-policy-targeted-3.14.2-42.fc29.noarch systemd-239-6.git9f3aed1.fc29.aarch64 pcp-4.2.0-1.fc29.aarch64 How reproducible: It's probably deterministic. Steps to Reproduce: 1. enable systemd-resolved.service and put in /etc/nsswitch.conf > hosts: resolve [!UNAVAIL=return] myhostname 2. make sure /usr/bin/pmie is running Actual results: 200% CPU used Expected results: Nothing. Additional info: pcp seems to be borked, it's running the service as part of the pcp user session. I'll try to figure out what is going on there and file a separate bug.
commit 70ee11dfc297bb8a114d5a74602f1038956f7070 (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Mon Dec 17 20:02:52 2018 +0100 Allow pcp_pmie_t domain to dbus chat with systemd_resolved_t domain BZ(1650997)
selinux-policy-3.14.2-46.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.