Description of problem: After confining my user from unbconfinbed_u to staff_u, I got this report for pulseaudio. SELinux is preventing systemd from 'create' accesses on the unix_stream_socket labeled pulseaudio_t. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd should be allowed create access on the Unknown unix_stream_socket by default. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'systemd' --raw | audit2allow -M my-systemd # semodule -X 300 -i my-systemd.pp Additional Information: Source Context staff_u:staff_r:staff_t:s0-s0:c0.c1023 Target Context staff_u:staff_r:pulseaudio_t:s0-s0:c0.c1023 Target Objects Unknown [ unix_stream_socket ] Source systemd Source Path systemd Port <Unbekannt> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.2-42.fc29.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.19.6-300.fc29.x86_64 #1 SMP Sun Dec 2 17:33:14 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-12-11 17:44:13 CET Last Seen 2018-12-11 17:44:13 CET Local ID 2151308d-3ef6-44ce-9a72-c9a2cb6321d6 Raw Audit Messages type=AVC msg=audit(1544546653.715:264): avc: denied { create } for pid=1739 comm="systemd" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:pulseaudio_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0 Hash: systemd,staff_t,pulseaudio_t,unix_stream_socket,create Version-Release number of selected component: selinux-policy-3.14.2-42.fc29.noarch Additional info: component: selinux-policy reporter: libreport-2.9.7 hashmarkername: setroubleshoot kernel: 4.19.6-300.fc29.x86_64 type: libreport Potential duplicate: bug 1583013
*** Bug 1583013 has been marked as a duplicate of this bug. ***
commit 3c7ac03b5c004e017303b0fd0a95e96817a3d3b5 (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Wed Dec 19 14:23:31 2018 +0100 Update pulseaudio_stream_connect() to allow caller domain create stream sockets to cumminicate with pulseaudio commit 7c8524cde7c503f37925c116b9e345c521b538ba (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Wed Dec 19 14:25:44 2018 +0100 Allow x_userdomains to stream connect to pulseaudio BZ(1658286)
Description of problem: `sudo iotop` Version-Release number of selected component: selinux-policy-3.14.2-44.fc29.noarch Additional info: reporter: libreport-2.9.7 hashmarkername: setroubleshoot kernel: 4.19.8-300.fc29.x86_64 type: libreport
selinux-policy-3.14.2-46.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a20cfef61
selinux-policy-3.14.2-46.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.