Description of problem: install bete and update SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-ufLMg28o5I. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gnome-shell should be allowed connectto access on the dbus-ufLMg28o5I unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gnome-shell' --raw | audit2allow -M my-gnomeshell # semodule -X 300 -i my-gnomeshell.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:unconfined_service_t:s0-s0:c0.c1 023 Target Objects /tmp/dbus-ufLMg28o5I [ unix_stream_socket ] Source gnome-shell Source Path gnome-shell Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.7-27.fc34.noarch Local Policy RPM selinux-policy-targeted-3.14.7-27.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.11.9-300.fc34.aarch64 #1 SMP Wed Mar 24 11:48:39 UTC 2021 aarch64 aarch64 Alert Count 14 First Seen 2021-03-26 12:49:34 CET Last Seen 2021-03-26 14:36:43 CET Local ID 043a4c80-0f03-40a5-a1b8-2d4ef6832f42 Raw Audit Messages type=AVC msg=audit(1616765803.444:586): avc: denied { connectto } for pid=1403 comm="ibus-x11" path="/tmp/dbus-ufLMg28o5I" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0 Hash: gnome-shell,xdm_t,unconfined_service_t,unix_stream_socket,connectto Version-Release number of selected component: selinux-policy-targeted-3.14.7-27.fc34.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.11.9-300.fc34.aarch64 type: libreport
*** Bug 1945270 has been marked as a duplicate of this bug. ***
Similar problem has been detected: Booted fc34 WS and logged in. hashmarkername: setroubleshoot kernel: 5.11.14-300.fc34.x86_64 package: selinux-policy-targeted-34.3-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-fGwdvY3I84. type: libreport
Similar problem has been detected: Upgrade to F34. hashmarkername: setroubleshoot kernel: 5.11.16-300.fc34.x86_64 package: selinux-policy-targeted-34.3-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-b8KDrikwqA. type: libreport
Similar problem has been detected: Happened after upgrade from F33 to F34. hashmarkername: setroubleshoot kernel: 5.11.18-300.fc34.x86_64 package: selinux-policy-targeted-34.5-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-ZsyysHDIwE. type: libreport
*** Bug 1963074 has been marked as a duplicate of this bug. ***
Similar problem has been detected: SELinux is preventing gnome-shell from connectto access on the unix_stream_socket /tmp/dbus-RcST4EcrmP. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gnome-shell should be allowed connectto access on the dbus-RcST4EcrmP unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gnome-shell' --raw | audit2allow -M my-gnomeshell # semodule -X 300 -i my-gnomeshell.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:unconfined_service_t:s0-s0:c0.c1 023 Target Objects /tmp/dbus-RcST4EcrmP [ unix_stream_socket ] Source gnome-shell Source Path gnome-shell Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.7-1.fc34.noarch Local Policy RPM selinux-policy-targeted-34.7-1.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux fedora 5.12.6-300.fc34.x86_64 #1 SMP Sat May 22 20:42:55 UTC 2021 x86_64 x86_64 Alert Count 7 First Seen 2021-05-27 17:22:58 EDT Last Seen 2021-05-27 17:23:02 EDT Local ID 4cf34877-a9ed-4324-a42d-1ffeeeceecb8 Raw Audit Messages type=AVC msg=audit(1622150582.606:752): avc: denied { connectto } for pid=2452 comm="ibus-x11" path="/tmp/dbus-RcST4EcrmP" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0 Hash: gnome-shell,xdm_t,unconfined_service_t,unix_stream_socket,connectto hashmarkername: setroubleshoot kernel: 5.12.6-300.fc34.x86_64 package: selinux-policy-targeted-34.7-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-RcST4EcrmP. type: libreport
Similar problem has been detected: - Installed Fedora Workstation 34 - Replace gnome shell with xfce shell - installed snapd - installed icloud-for-linux hashmarkername: setroubleshoot kernel: 5.12.13-300.fc34.x86_64 package: selinux-policy-targeted-34.12-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-iaa4NpKPWv. type: libreport
Similar problem has been detected: This error ocurrs when I start sesion with Deepin shell on Fedora 34. hashmarkername: setroubleshoot kernel: 5.13.10-200.fc34.x86_64 package: selinux-policy-targeted-34.16-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-nxNB3VIgmH. type: libreport
Also in F35: SELinux is preventing gnome-shell from connectto access on the unix_stream_socket /tmp/dbus-SJQtBR21nt. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:unconfined_service_t:s0- s0:c0.c1023 Target Objects /tmp/dbus-SJQtBR21nt [ unix_stream_socket ] Source gnome-shell Source Path gnome-shell Port <Unknown> Host <Unknown> Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.16-1.fc35.noarch Local Policy RPM selinux-policy-targeted-34.16-1.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name fedora Platform Linux fedora 5.14.0-0.rc6.46.fc35.x86_64 #1 SMP Mon Aug 16 20:02:52 UTC 2021 x86_64 x86_64 Alert Count 3 First Seen 2021-08-23 16:05:52 PDT Last Seen 2021-08-23 16:05:56 PDT Local ID 3a6acfde-30dd-4db2-a6d9-bef3bf98b89e Raw Audit Messages type=AVC msg=audit(1629759956.74:220): avc: denied { connectto } for pid=1300 comm="gnome-initial-s" path="/tmp/dbus-SJQtBR21nt" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
Hi, ibus tries IPC with a process running in the unconfined_service_t, but the process name is listed. Please run: # ps -eo pid,ppid,fname,cmd,context | grep -e CONTEXT -e unconfined_service_t and try to isolate which process this can be.
This message is a reminder that Fedora Linux 34 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 34 on 2022-06-07. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '34'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 34 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.
Valid at least up to 35 per my comment above.
FEDORA-2022-9e53cb5027 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-9e53cb5027
FEDORA-2022-9e53cb5027 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-9e53cb5027` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-9e53cb5027 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-9e53cb5027 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.