Description of problem: SELinux is preventing /usr/bin/gnome-shell from 'map' accesses on the file /memfd:wayland-cursor (deleted). ***** Plugin restorecon (92.2 confidence) suggests ************************ If you want to fix the label. /memfd:wayland-cursor (deleted) default label should be etc_runtime_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /memfd:wayland-cursor (deleted) ***** Plugin catchall_boolean (7.83 confidence) suggests ****************** If you want to allow domain to can mmap files Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean. Do setsebool -P domain_can_mmap_files 1 ***** Plugin catchall (1.41 confidence) suggests ************************** If you believe that gnome-shell should be allowed map access on the memfd:wayland-cursor (deleted) file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gnome-shell' --raw | audit2allow -M my-gnomeshell # semodule -X 300 -i my-gnomeshell.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:tmpfs_t:s0 Target Objects /memfd:wayland-cursor (deleted) [ file ] Source gnome-shell Source Path /usr/bin/gnome-shell Port <Unknown> Host (removed) Source RPM Packages gnome-shell-40.0-1.fc35.x86_64 Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.8-7.fc35.noarch Local Policy RPM selinux-policy-targeted-3.14.8-7.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.12.0-0.rc4.175.fc35.x86_64 #1 SMP Tue Mar 23 02:17:24 +05 2021 x86_64 x86_64 Alert Count 1 First Seen 2021-03-23 02:53:42 +05 Last Seen 2021-03-23 02:53:42 +05 Local ID a8838e56-128d-465f-80e9-8a6baae26139 Raw Audit Messages type=AVC msg=audit(1616450022.299:234): avc: denied { map } for pid=1483 comm="gnome-shell" path=2F6D656D66643A7761796C616E642D637572736F72202864656C6574656429 dev="tmpfs" ino=10241 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1 type=SYSCALL msg=audit(1616450022.299:234): arch=x86_64 syscall=mmap success=yes exit=140708497989632 a0=0 a1=900 a2=3 a3=1 items=0 ppid=1456 pid=1483 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=tty1 ses=4294967295 comm=gnome-shell exe=/usr/bin/gnome-shell subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: gnome-shell,xdm_t,tmpfs_t,file,map Version-Release number of selected component: selinux-policy-targeted-3.14.8-7.fc35.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.12.0-0.rc4.175.fc35.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1943787 ***