Description of problem: SELinux is preventing dbus-daemon from 'read' accesses on the lnk_file /var/lib/flatpak/exports/share/dbus-1/services/org.gnome.FileRoller.service. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow dbus-daemon to have read access on the org.gnome.FileRoller.service lnk_file Then you need to change the label on /var/lib/flatpak/exports/share/dbus-1/services/org.gnome.FileRoller.service Do # semanage fcontext -a -t FILE_TYPE '/var/lib/flatpak/exports/share/dbus-1/services/org.gnome.FileRoller.service' where FILE_TYPE is one of the following: admin_home_t, bin_t, boot_t, cert_t, cgroup_t, dbusd_etc_t, device_t, devlog_t, etc_runtime_t, etc_t, file_context_t, fonts_cache_t, fonts_t, home_root_t, ld_so_t, lib_t, locale_t, man_cache_t, man_t, net_conf_t, postfix_postdrop_t, proc_t, root_t, rpm_script_tmp_t, security_t, selinux_config_t, shell_exec_t, src_t, sssd_var_lib_t, sysfs_t, system_conf_t, system_db_t, system_dbusd_var_lib_t, systemd_userdbd_runtime_t, textrel_shlib_t, tmp_t, udev_var_run_t, usr_t, var_run_t, var_t, virt_var_lib_t. Then execute: restorecon -v '/var/lib/flatpak/exports/share/dbus-1/services/org.gnome.FileRoller.service' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that dbus-daemon should be allowed read access on the org.gnome.FileRoller.service lnk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon # semodule -X 300 -i my-dbusdaemon.pp Additional Information: Source Context system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_lib_t:s0 Target Objects /var/lib/flatpak/exports/share/dbus-1/services/org .gnome.FileRoller.service [ lnk_file ] Source dbus-daemon Source Path dbus-daemon Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-3.14.8-7.fc35.noarch Local Policy RPM selinux-policy-targeted-3.14.8-7.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.12.0-0.rc5.180.fc35.x86_64+debug #1 SMP Mon Mar 29 15:13:57 UTC 2021 x86_64 x86_64 Alert Count 4 First Seen 2021-03-31 19:59:17 +05 Last Seen 2021-03-31 19:59:18 +05 Local ID e44f9c68-4dae-4dad-bc70-71b97a245984 Raw Audit Messages type=AVC msg=audit(1617202758.876:570): avc: denied { read } for pid=1543 comm="dbus-daemon" name="org.gnome.FileRoller.service" dev="nvme0n1p2" ino=8913164 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file permissive=1 Hash: dbus-daemon,system_dbusd_t,var_lib_t,lnk_file,read Version-Release number of selected component: selinux-policy-targeted-3.14.8-7.fc35.noarch Additional info: component: selinux-policy reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.12.0-0.rc5.180.fc35.x86_64+debug type: libreport
*** This bug has been marked as a duplicate of bug 1928548 ***