Description of problem: Clean install of Fedora 34 latest compose or Fedora Rawhide. SELinux prevents spice-vdagent from working, so for example guest resolution is not automatically changed to match the virtual screen size. SELinux is preventing spice-vdagentd from 'watch' accesses on the directory /run/systemd/sessions. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that spice-vdagentd should be allowed watch access on the sessions directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'spice-vdagentd' --raw | audit2allow -M my-spicevdagentd # semodule -X 300 -i my-spicevdagentd.pp Additional Information: Source Context system_u:system_r:vdagent_t:s0 Target Context system_u:object_r:systemd_logind_sessions_t:s0 Target Objects /run/systemd/sessions [ dir ] Source spice-vdagentd Source Path spice-vdagentd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.8-6.fc35.noarch Local Policy RPM selinux-policy-targeted-3.14.8-6.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.12.0-0.rc3.170.fc35.x86_64 #1 SMP Mon Mar 15 16:25:09 UTC 2021 x86_64 x86_64 Alert Count 2 First Seen 2021-03-17 19:25:37 CET Last Seen 2021-03-17 19:28:03 CET Local ID 9931a884-3cd5-4193-84c5-82612bd2d13a Raw Audit Messages type=AVC msg=audit(1616005683.987:589): avc: denied { watch } for pid=2369 comm="spice-vdagentd" path="/run/systemd/sessions" dev="tmpfs" ino=66 scontext=system_u:system_r:vdagent_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=dir permissive=1 Hash: spice-vdagentd,vdagent_t,systemd_logind_sessions_t,dir,watch Version-Release number of selected component: selinux-policy-targeted-3.14.8-6.fc35.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.12.0-0.rc3.170.fc35.x86_64 type: libreport
I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/647
FEDORA-2021-68c09eb43f has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-68c09eb43f
FEDORA-2021-68c09eb43f has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-68c09eb43f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-68c09eb43f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-15b81d905c has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-15b81d905c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-15b81d905c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-15b81d905c has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.