Description of problem: SELinux is preventing dbus-daemon from 'watch' accesses on the directory /etc/dbus-1/session.d. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that dbus-daemon should be allowed watch access on the session.d directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon # semodule -X 300 -i my-dbusdaemon.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:dbusd_etc_t:s0 Target Objects /etc/dbus-1/session.d [ dir ] Source dbus-daemon Source Path dbus-daemon Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages dbus-common-1.12.20-3.fc34.noarch SELinux Policy RPM selinux-policy-targeted-3.14.8-1.fc35.noarch Local Policy RPM selinux-policy-targeted-3.14.8-1.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.11.0-0.rc7.20210212git291009f656 e8.151.fc35.x86_64 #1 SMP Fri Feb 12 13:02:28 UTC 2021 x86_64 x86_64 Alert Count 4 First Seen 2021-02-15 01:01:36 +05 Last Seen 2021-02-15 01:04:20 +05 Local ID 8d736164-73e1-4424-b2a7-7282e81449d8 Raw Audit Messages type=AVC msg=audit(1613333060.966:547): avc: denied { watch } for pid=1542 comm="dbus-daemon" path="/etc/dbus-1/session.d" dev="nvme0n1p2" ino=134320398 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir permissive=1 Hash: dbus-daemon,xdm_t,dbusd_etc_t,dir,watch Version-Release number of selected component: selinux-policy-targeted-3.14.8-1.fc35.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.11.0-0.rc7.20210212git291009f656e8.151.fc35.x86_64 type: libreport
This bug affects Fedora 34 as well. The solution by 'catchall' resolves it. In Fedora Workstation this results in an upgraded machine not being able to boot to the desktop at all.
*** Bug 1928560 has been marked as a duplicate of this bug. ***
Similar problem has been detected: second reboot after install. I had been installing additional software. hashmarkername: setroubleshoot kernel: 5.11.1-300.fc34.x86_64 package: selinux-policy-targeted-3.14.7-23.fc34.noarch reason: SELinux is preventing dbus-daemon from 'watch' accesses on the directory /etc/dbus-1/session.d. type: libreport
Similar problem has been detected: System start and login hashmarkername: setroubleshoot kernel: 5.11.2-300.fc34.x86_64 package: selinux-policy-targeted-3.14.7-23.fc34.noarch reason: SELinux is preventing dbus-daemon from 'watch' accesses on the directory /etc/dbus-1/session.d. type: libreport
Similar problem has been detected: This shows up right after a restart. I have setroubleshoot loaded. hashmarkername: setroubleshoot kernel: 5.11.2-300.fc34.x86_64 package: selinux-policy-targeted-3.14.7-24.fc34.noarch reason: SELinux is preventing dbus-daemon from 'watch' accesses on the directory /etc/dbus-1/session.d. type: libreport
Similar problem has been detected: Happens during boot of current Fedora 34 Workstation. hashmarkername: setroubleshoot kernel: 5.11.6-300.fc34.x86_64 package: selinux-policy-targeted-3.14.7-25.fc34.noarch reason: SELinux is preventing dbus-daemon from 'watch' accesses on the directory /etc/dbus-1/session.d. type: libreport
I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/646
*** Bug 1941672 has been marked as a duplicate of this bug. ***