Created attachment 1791669 [details]
log exported from GNOME-log's important section.

Description of problem:
=====================================================================================================================

```
SELinux is preventing gnome-shell from write access on the sock_file dbus-3Txx19aEpJ.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-shell should be allowed write access on the dbus-3Txx19aEpJ sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-shell' --raw | audit2allow -M my-gnomeshell
# semodule -X 300 -i my-gnomeshell.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                dbus-3Txx19aEpJ [ sock_file ]
Source                        gnome-shell
Source Path                   gnome-shell
Port                          <Unknown>
Host                          dragon
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-34.11-1.fc34.noarch
Local Policy RPM              selinux-policy-targeted-34.11-1.fc34.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     dragon
Platform                      Linux dragon 5.12.10-300.fc34.x86_64 #1 SMP Thu Jun 10 14:21:36 UTC 2021 x86_64 x86_64
Alert Count                   53
First Seen                    2021-06-16 21:01:47 CST
Last Seen                     2021-06-17 10:59:39 CST
Local ID                      dc673629-1c13-40f0-9631-eaf628a0f944

Raw Audit Messages
type=AVC msg=audit(1623898779.336:1070): avc: denied { write } for pid=3166 comm="gsd-color" name="dbus-3Txx19aEpJ" dev="tmpfs" ino=47 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0

Hash: gnome-shell,xdm_t,tmp_t,sock_file,write
```

How reproducible:
=====================================================================================================================

Steps to Reproduce:
1. Install Fedora 34
2. Log in to GNOME and wait a minute
3. Error happened

Additional info:
=====================================================================================================================

audit log:
=====================================================================================================================

```
type=AVC msg=audit(1623898779.336:1070): avc: denied { write } for pid=3166 comm="gsd-color" name="dbus-3Txx19aEpJ" dev="tmpfs" ino=47 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
```

dbus-broker.service log:
=====================================================================================================================

```
● dbus-broker.service - D-Bus System Message Bus
     Loaded: loaded (/usr/lib/systemd/system/dbus-broker.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-06-17 10:59:24 CST; 42min ago
TriggeredBy: ● dbus.socket
       Docs: man:dbus-broker-launch(1)
   Main PID: 817 (dbus-broker-lau)
      Tasks: 2 (limit: 19045)
     Memory: 6.5M
        CPU: 1.330s
     CGroup: /system.slice/dbus-broker.service
             ├─817 /usr/bin/dbus-broker-launch --scope system --audit
             └─822 dbus-broker --log 4 --controller 9 --machine-id 704e146b70ff4a37923780ee456d4667 --max-bytes 536870912 --max-fds 4096 --max-matches 131072 --audit

6月 17 10:59:24 dragon systemd[1]: Starting D-Bus System Message Bus...
6月 17 10:59:24 dragon systemd[1]: Started D-Bus System Message Bus.
6月 17 10:59:24 dragon dbus-broker-lau[817]: Ready
6月 17 10:59:39 dragon dbus-broker[822]: A security policy denied :1.41 to send method call /org/freedesktop/PackageKit:org.freedesktop.DBus.Properties.GetAll to :1.64.
6月 17 10:59:39 dragon dbus-broker[822]: A security policy denied :1.41 to send method call /org/freedesktop/PackageKit:org.freedesktop.DBus.Properties.GetAll to :1.64.
```

log of dbus.service
=====================================================================================================================

```
● dbus-broker.service - D-Bus System Message Bus
     Loaded: loaded (/usr/lib/systemd/system/dbus-broker.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-06-17 10:59:24 CST; 45min ago
TriggeredBy: ● dbus.socket
       Docs: man:dbus-broker-launch(1)
   Main PID: 817 (dbus-broker-lau)
      Tasks: 2 (limit: 19045)
     Memory: 6.4M
        CPU: 1.374s
     CGroup: /system.slice/dbus-broker.service
             ├─817 /usr/bin/dbus-broker-launch --scope system --audit
             └─822 dbus-broker --log 4 --controller 9 --machine-id 704e146b70ff4a37923780ee456d4667 --max-bytes 536870912 --max-fds 4096 --max-matches 131072 --audit

6月 17 10:59:24 dragon systemd[1]: Starting D-Bus System Message Bus...
6月 17 10:59:24 dragon systemd[1]: Started D-Bus System Message Bus.
6月 17 10:59:24 dragon dbus-broker-lau[817]: Ready
6月 17 10:59:39 dragon dbus-broker[822]: A security policy denied :1.41 to send method call /org/freedesktop/PackageKit:org.freedesktop.DBus.Properties.GetAll to :1.64.
6月 17 10:59:39 dragon dbus-broker[822]: A security policy denied :1.41 to send method call /org/freedesktop/PackageKit:org.freedesktop.DBus.Properties.GetAll to :1.64.
```
Saw this on current F35 as well:

```
SELinux is preventing gnome-shell from write access on the sock_file dbus-SJQtBR21nt.

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                dbus-SJQtBR21nt [ sock_file ]
Source                        gnome-shell
Source Path                   gnome-shell
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-34.16-1.fc35.noarch
Local Policy RPM              selinux-policy-targeted-34.16-1.fc35.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     fedora
Platform                      Linux fedora 5.14.0-0.rc6.46.fc35.x86_64 #1 SMP Mon Aug 16 20:02:52 UTC 2021 x86_64 x86_64
Alert Count                   2
First Seen                    2021-08-23 16:05:52 PDT
Last Seen                     2021-08-23 16:05:54 PDT
Local ID                      9f8e1043-41dd-4f03-9d95-1c6e510e4646

Raw Audit Messages
type=AVC msg=audit(1629759954.924:211): avc: denied { write } for pid=1243 comm="ibus-x11" name="dbus-SJQtBR21nt" dev="tmpfs" ino=44 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=1

Hash: gnome-shell,xdm_t,tmp_t,sock_file,write
```
Actually, this is almost certainly the same as 1941853.

*** This bug has been marked as a duplicate of bug 1941853 ***
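
The two denials reported above come from different processes (`gsd-color`, `ibus-x11`) and name different socket files, yet they share the same source type, target type, object class and permission. The following is an added example, not part of the bug report, that parses raw AVC records and groups them by that tuple; the two sample records are copied from the reports above, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Raw AVC records copied from the two reports above (F34 and F35).
AVC_RECORDS = [
    'type=AVC msg=audit(1623898779.336:1070): avc: denied { write } for '
    'pid=3166 comm="gsd-color" name="dbus-3Txx19aEpJ" dev="tmpfs" ino=47 '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0',
    'type=AVC msg=audit(1629759954.924:211): avc: denied { write } for '
    'pid=1243 comm="ibus-x11" name="dbus-SJQtBR21nt" dev="tmpfs" ino=44 '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=1',
]

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if not AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    rec['result'] = m.group(1)
    rec['perms'] = tuple(sorted(m.group(2).split()))
    return rec

def selinux_type(context):
    """Type is the third field of user:role:type[:level]; the MLS level
    (s0-s0:c0.c1023) may contain ':' itself, so index from the left."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % context)
    return parts[2]

def group_denials(lines):
    """Group denied records by (source type, target type, class, perms)."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        key = (selinux_type(rec['scontext']), selinux_type(rec['tcontext']),
               rec['tclass'], rec['perms'])
        groups[key].append(rec)
    return dict(groups)

if __name__ == '__main__':
    for key, recs in group_denials(AVC_RECORDS).items():
        print(key, sorted({r['comm'] for r in recs}))
```

The `permissive` field kept in each parsed record distinguishes the F34 denial, which was enforced, from the F35 one, which was only logged.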