On a Fedora 29 system with unconfined disabled. Various packages put stuff in /usr/lib/systemd/user/ , like so: $ ls -lZ /usr/lib/systemd/user/ total 116 -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 131 Sep 7 14:24 at-spi-dbus-bus.service -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 497 Oct 28 17:29 basic.target -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 419 Oct 28 17:29 bluetooth.target -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 138 Jul 12 16:01 colord-session.service [snip] -rw-r--r--. 1 root root system_u:object_r:lib_t:s0 285 Nov 6 00:18 syncthing.service But if I try to use them, I get: Nov 22 22:56:52 vrici systemd[958]: selinux: avc: denied { start } for auid=n/a uid=1000 gid=1000 path="/usr/lib/systemd/user/syncthing.service" cmdline="" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=service permissive=1 Nov 22 22:56:52 vrici systemd[958]: selinux: avc: denied { status } for auid=n/a uid=1000 gid=1000 path="/usr/lib/systemd/user/syncthing.service" cmdline="" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=service permissive=1 Nov 22 22:57:00 vrici systemd[958]: selinux: avc: denied { stop } for auid=n/a uid=1000 gid=1000 path="/usr/lib/systemd/user/syncthing.service" cmdline="" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=service permissive=1 This is, presumably, because they should be of type systemd_unit_file_t
commit f66be95c84a3d27e800117966f7147ff93e3acd6 Author: Lukas Vrabec <lvrabec> Date: Mon Jan 7 22:52:17 2019 +0100 Label /usr/lib/systemd/user as systemd_unit_file_t BZ(1652814)
selinux-policy-3.14.2-46.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.