Description of problem: Log in to GNOME session with user in staff role SELinux is preventing dbus-broker-lau from 'sendto' accesses on the unix_dgram_socket /run/user/1000/systemd/notify. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that dbus-broker-lau should be allowed sendto access on the notify unix_dgram_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'dbus-broker-lau' --raw | audit2allow -M my-dbusbrokerlau # semodule -X 300 -i my-dbusbrokerlau.pp Additional Information: Source Context staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 Target Context staff_u:staff_r:staff_t:s0-s0:c0.c1023 Target Objects /run/user/1000/systemd/notify [ unix_dgram_socket ] Source dbus-broker-lau Source Path dbus-broker-lau Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.3-35.fc30.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.0.14-300.fc30.x86_64 #1 SMP Thu May 9 10:43:38 UTC 2019 x86_64 x86_64 Alert Count 5 First Seen 2019-05-15 07:58:27 AEST Last Seen 2019-05-15 07:58:27 AEST Local ID 0f7e0b3c-2831-4bf7-85c7-c898e7686f2d Raw Audit Messages type=AVC msg=audit(1557871107.47:311): avc: denied { sendto } for pid=2205 comm="dbus-broker-lau" path="/run/user/1000/systemd/notify" scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=0 Hash: dbus-broker-lau,staff_dbusd_t,staff_t,unix_dgram_socket,sendto Version-Release number of selected component: selinux-policy-3.14.3-35.fc30.noarch Additional info: component: selinux-policy reporter: libreport-2.10.0 hashmarkername: setroubleshoot kernel: 5.0.14-300.fc30.x86_64 type: libreport
commit 4d065f5e8f5461d509087f612db159a22337d34b (HEAD -> rawhide) Author: Lukas Vrabec <lvrabec> Date: Wed May 15 15:35:45 2019 +0200 Allow userdomains to send data over dgram sockets to userdomains dbus services BZ(1710119)
selinux-policy-3.14.3-37.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-40c077f70d
selinux-policy-3.14.3-37.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-40c077f70d
selinux-policy-3.14.3-37.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.