Description of problem: SELinux is preventing pool-gsd-xsetti from 'map' accesses on the Verzeichnis /var/lib/gdm/.cache/fontconfig. ***** Plugin catchall (100. confidence) suggests ************************** Wenn Sie denken, dass es pool-gsd-xsetti standardmäßig erlaubt sein sollte, map Zugriff auf fontconfig directory zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # ausearch -c 'pool-gsd-xsetti' --raw | audit2allow -M my-poolgsdxsetti # semodule -X 300 -i my-poolgsdxsetti.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:xdm_var_lib_t:s0 Target Objects /var/lib/gdm/.cache/fontconfig [ dir ] Source pool-gsd-xsetti Source Path pool-gsd-xsetti Port <Unbekannt> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.3-39.fc30.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.1.15-300.fc30.x86_64 #1 SMP Tue Jun 25 14:07:22 UTC 2019 x86_64 x86_64 Alert Count 9 First Seen 2019-07-06 12:39:40 CEST Last Seen 2019-07-06 12:39:40 CEST Local ID b1ae9e2a-ea67-48e4-aef4-f26319504710 Raw Audit Messages type=AVC msg=audit(1562409580.202:2482): avc: denied { map } for pid=3653 comm="gnome-shell" path="/var/lib/gdm/.cache/fontconfig" dev="dm-1" ino=1183592 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_var_lib_t:s0 tclass=dir permissive=0 Hash: pool-gsd-xsetti,xdm_t,xdm_var_lib_t,dir,map Version-Release number of selected component: selinux-policy-3.14.3-39.fc30.noarch Additional info: component: selinux-policy reporter: libreport-2.10.0 hashmarkername: setroubleshoot kernel: 5.1.15-300.fc30.x86_64 type: libreport
commit 16e99120996d1755b18d042e31cd30bad7687228 Author: Lukas Vrabec <lvrabec> Date: Mon Jul 1 12:47:11 2019 +0200 Allow xdm_t domain to mmap /var/lib/gdm/.cache/fontconfig BZ(1725509)
FEDORA-2019-9c513c4cf8 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-9c513c4cf8
selinux-policy-3.14.3-40.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9c513c4cf8
selinux-policy-3.14.3-40.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.