Description of problem: Logged out of a session & logged into a different session that was already running. SELinux is preventing systemd-logind from 'destroy' accesses on the shared memory labeled unconfined_t. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that systemd-logind should be allowed destroy access on shm labeled unconfined_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'systemd-logind' --raw | audit2allow -M my-systemdlogind # semodule -X 300 -i my-systemdlogind.pp Additional Information: Source Context system_u:system_r:systemd_logind_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0- s0:c0.c1023 Target Objects Unknown [ shm ] Source systemd-logind Source Path systemd-logind Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-35.1-1.fc35.noarch Local Policy RPM selinux-policy-targeted-35.1-1.fc35.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.14.12-300.fc35.x86_64 #1 SMP Wed Oct 13 14:16:09 UTC 2021 x86_64 x86_64 Alert Count 11 First Seen 2021-09-08 15:33:14 EDT Last Seen 2021-10-16 17:27:49 EDT Local ID 51fc6552-e3e1-4f99-8e0b-ef7b5fc5951d Raw Audit Messages type=AVC msg=audit(1634419669.965:736): avc: denied { destroy } for pid=1296 comm="systemd-logind" key=1361445075 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm permissive=0 Hash: systemd-logind,systemd_logind_t,unconfined_t,shm,destroy Version-Release number of selected component: selinux-policy-targeted-35.1-1.fc35.noarch Additional info: component: selinux-policy reporter: libreport-2.15.2 hashmarkername: setroubleshoot kernel: 5.14.12-300.fc35.x86_64 type: libreport Potential duplicate: bug 1211852
Similar problem has been detected: Last night I upgraded from Fedora 34 to 35. Today while logged into a Wayland session I connected my external monitors. I then logged out and back in under X11. When I did SELinux troubleshooter showed me this issue. hashmarkername: setroubleshoot kernel: 5.14.14-300.fc35.x86_64 package: selinux-policy-targeted-35.3-1.20211019git94970fc.fc35.noarch reason: SELinux is preventing systemd-logind from 'destroy' accesses on the shared memory labeled unconfined_t. type: libreport
I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/934
FEDORA-2021-64eb16151d has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-64eb16151d
FEDORA-2021-64eb16151d has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-64eb16151d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-64eb16151d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-64eb16151d has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.