AVC avc: denied { watch } for pid=691 comm="systemd-timesyn" path="/run/dbus" dev="tmpfs" ino=42 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir permissive=0
Same here: $ journalctl -b -p warning [...] Jun 07 00:16:26 systemd-timesyncd[1086]: Failed to connect to bus: Permission denied Jun 07 00:16:26 systemd-timesyncd[1086]: Could not connect to bus: Permission denied Jun 07 00:16:26 systemd[1]: systemd-timesyncd.service: Failed with result 'exit-code'. Jun 07 00:16:26 systemd[1]: Failed to start Network Time Synchronization. $ journalctl -b | grep denied | grep -m3 systemd-timesyn Jun 07 00:16:26 audit[1086]: AVC avc: denied { watch } for pid=1086 comm="systemd-timesyn" path="/run/dbus" dev="tmpfs" ino=46 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir permissive=0 Jun 07 00:16:26 systemd-timesyncd[1086]: Failed to connect to bus: Permission denied Jun 07 00:16:26 systemd-timesyncd[1086]: Could not connect to bus: Permission denied (Note: the bootlog has many more AVC denied warnings[0], but that's material for another bug report, I guess) === After the system has booted, restarting systemd-timesyncd.service works just fine. Now, /run/dbus looks like this: $ ls -ldZ /run/dbus{,/*} drwxr-xr-x. 2 root root system_u:object_r:system_dbusd_var_run_t:s0 60 Jun 7 00:16 /run/dbus srw-rw-rw-. 1 root root system_u:object_r:system_dbusd_var_run_t:s0 0 Jun 7 00:16 /run/dbus/system_bus_socket [0] https://clbin.com/30ROH
*** Bug 1967971 has been marked as a duplicate of this bug. ***
Please attach the full log, and also the output from 'systemctl status dbus'. > Jun 07 00:16:26 audit[1086]: AVC avc: denied { watch } for pid=1086 comm="systemd-timesyn" path="/run/dbus" dev="tmpfs" ino=46 scontext=system_u:system_r:systemd_timedated_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir permissive=0 Normally systemd-timesyncd (or any dbus client) would do connect() to "/run/dbus/system_bus_socket". If it's trying to open a watch on the directory, this means that the socket was not present and it's trying to establish a watch to monitor when the socket is opened by the dbus broker.
*** Bug 1960468 has been marked as a duplicate of this bug. ***
I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/780
FEDORA-2021-3df7370a94 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-3df7370a94
FEDORA-2021-3df7370a94 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-3df7370a94` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-3df7370a94 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-3df7370a94 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
*** Bug 1970359 has been marked as a duplicate of this bug. ***