Description of problem:
Today after I updated my Fedora 34 desktop I noticed two Selinux alerts at startup that I haven't seen before

Version-Release number of selected component (if applicable):
selinux-policy-34.23-1.fc34.noarch

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

SELinux is preventing gdm-wayland-ses from write access on the sock_file bus.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gdm-wayland-ses should be allowed write access on the bus sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'gdm-wayland-ses' --raw | audit2allow -M my-gdmwaylandses
# semodule -X 300 -i my-gdmwaylandses.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                bus [ sock_file ]
Source                        gdm-wayland-ses
Source Path                   gdm-wayland-ses
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-34.23-1.fc34.noarch
Local Policy RPM              selinux-policy-targeted-34.23-1.fc34.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux juno 5.15.13-100.fc34.x86_64 #1 SMP Wed Jan 5 17:06:02 UTC 2022 x86_64 x86_64
Alert Count                   1
First Seen                    2022-01-12 08:52:09 CET
Last Seen                     2022-01-12 08:52:09 CET
Local ID                      47b2270a-5c3b-458d-a669-9fec4fc540f5

Raw Audit Messages
type=AVC msg=audit(1641973929.686:261): avc: denied { write } for pid=1645 comm="gdm-wayland-ses" name="bus" dev="tmpfs" ino=40 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0

Hash: gdm-wayland-ses,xdm_t,session_dbusd_tmp_t,sock_file,write

------------------------------------------------------------------------

SELinux is preventing systemd-user-ru from unlink access on the sock_file bus.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that systemd-user-ru should be allowed unlink access on the bus sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Additional Information:
Source Context                system_u:system_r:systemd_logind_t:s0
Target Context                unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects                bus [ sock_file ]
Source                        systemd-user-ru
Source Path                   systemd-user-ru
Port                          <Unknown>
Host                          juno
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-34.23-1.fc34.noarch
Local Policy RPM              selinux-policy-targeted-34.23-1.fc34.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     juno
Platform                      Linux juno 5.15.13-100.fc34.x86_64 #1 SMP Wed Jan 5 17:06:02 UTC 2022 x86_64 x86_64
Alert Count                   1
First Seen                    2022-01-12 08:52:43 CET
Last Seen                     2022-01-12 08:52:43 CET
Local ID                      e332bfc3-411b-4b92-aea0-b4f57405b5ed

Raw Audit Messages
type=AVC msg=audit(1641973963.432:361): avc: denied { unlink } for pid=3231 comm="systemd-user-ru" name="bus" dev="tmpfs" ino=40 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0

Hash: systemd-user-ru,systemd_logind_t,session_dbusd_tmp_t,sock_file,unlink
audit records with full auditing enabled:
----
type=PROCTITLE msg=audit(12.1.2022 11:15:48.345:3292) : proctitle=/usr/libexec/gdm-x-session dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart
type=PATH msg=audit(12.1.2022 11:15:48.345:3292) : item=0 name=/run/user/42/bus inode=40 dev=00:38 mode=socket,666 ouid=gdm ogid=gdm rdev=00:00 obj=unconfined_u:object_r:session_dbusd_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(12.1.2022 11:15:48.345:3292) : cwd=/var/lib/gdm
type=SOCKADDR msg=audit(12.1.2022 11:15:48.345:3292) : saddr={ saddr_fam=local path=/run/user/42/bus }
type=SYSCALL msg=audit(12.1.2022 11:15:48.345:3292) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffd32d960b0 a2=0x6e a3=0x0 items=1 ppid=6148 pid=6176 auid=unset uid=gdm gid=gdm euid=gdm suid=gdm fsuid=gdm egid=gdm sgid=gdm fsgid=gdm tty=tty1 ses=unset comm=gdm-x-session exe=/usr/libexec/gdm-x-session subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(12.1.2022 11:15:48.345:3292) : avc: denied { write } for pid=6176 comm=gdm-x-session name=bus dev="tmpfs" ino=40 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=1
----
type=PROCTITLE msg=audit(12.1.2022 11:16:01.750:3438) : proctitle=/usr/lib/systemd/systemd-user-runtime-dir stop 1004
type=PATH msg=audit(12.1.2022 11:16:01.750:3438) : item=1 name=bus inode=40 dev=00:3c mode=socket,666 ouid=user ogid=user rdev=00:00 obj=user_u:object_r:session_dbusd_tmp_t:s0 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(12.1.2022 11:16:01.750:3438) : item=0 name=/ inode=1 dev=00:3c mode=dir,700 ouid=user ogid=user rdev=00:00 obj=user_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(12.1.2022 11:16:01.750:3438) : cwd=/
type=SYSCALL msg=audit(12.1.2022 11:16:01.750:3438) : arch=x86_64 syscall=unlinkat success=yes exit=0 a0=0x3 a1=0x55e489d7bd9b a2=0x0 a3=0x78 items=2 ppid=1 pid=6708 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-user-ru exe=/usr/lib/systemd/systemd-user-runtime-dir subj=system_u:system_r:systemd_logind_t:s0 key=(null)
type=AVC msg=audit(12.1.2022 11:16:01.750:3438) : avc: denied { unlink } for pid=6708 comm=systemd-user-ru name=bus dev="tmpfs" ino=40 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=user_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=1
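The AVC records in the two comments above differ in process name and SELinux user but come down to two access vectors on session_dbusd_tmp_t sock_file. As an added example (not part of the bug report or of selinux-policy), this Python code parses those AVC lines, rebuilds the comma-separated string shown on the `Hash:` lines, and groups the denials by (source type, target type, class, permission) while keeping enforced denials apart from ones only logged under permissive=1. The function names are illustrative, and the Hash field order is inferred from the two Hash lines quoted above.

```python
import re
from collections import defaultdict

# AVC records copied from the two comments above (raw and `ausearch -i` forms).
SAMPLE = """\
type=AVC msg=audit(1641973929.686:261): avc: denied { write } for pid=1645 comm="gdm-wayland-ses" name="bus" dev="tmpfs" ino=40 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1641973963.432:361): avc: denied { unlink } for pid=3231 comm="systemd-user-ru" name="bus" dev="tmpfs" ino=40 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(12.1.2022 11:15:48.345:3292) : avc: denied { write } for pid=6176 comm=gdm-x-session name=bus dev="tmpfs" ino=40 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(12.1.2022 11:16:01.750:3438) : avc: denied { unlink } for pid=6708 comm=systemd-user-ru name=bus dev="tmpfs" ino=40 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=user_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def context_type(context):
    """user:role:type:level -> type, the field type enforcement decides on."""
    return context.split(":")[2]

def signature(fields):
    """Rebuild the string format of the 'Hash:' lines in the alerts above."""
    return ",".join([fields["comm"], context_type(fields["scontext"]),
                     context_type(fields["tcontext"]), fields["tclass"],
                     ",".join(fields["perms"])])

def triage(text):
    """Group denials by (source type, target type, class, permission)."""
    groups = defaultdict(lambda: {"comms": set(), "enforced": 0, "permissive": 0})
    for line in text.splitlines():
        fields = parse_avc(line)
        if fields is None:
            continue
        mode = "permissive" if fields.get("permissive") == "1" else "enforced"
        for perm in fields["perms"]:
            key = (context_type(fields["scontext"]),
                   context_type(fields["tcontext"]), fields["tclass"], perm)
            groups[key]["comms"].add(fields["comm"])
            groups[key][mode] += 1
    return dict(groups)

if __name__ == "__main__":
    for key, info in sorted(triage(SAMPLE).items()):
        print(key, sorted(info["comms"]), "enforced:", info["enforced"],
              "permissive:", info["permissive"])
```

The permissive=1 records are why the matching SYSCALL records show success=yes: the denial was logged but not enforced.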
*** Bug 2039654 has been marked as a duplicate of this bug. ***
I've submitted a Fedora PR to address the issue: https://github.com/fedora-selinux/selinux-policy/pull/998
*** Bug 2040545 has been marked as a duplicate of this bug. ***
*** Bug 2039584 has been marked as a duplicate of this bug. ***
*** Bug 2040763 has been marked as a duplicate of this bug. ***
*** Bug 2039857 has been marked as a duplicate of this bug. ***
*** Bug 2040762 has been marked as a duplicate of this bug. ***
Similar problem has been detected:

Error is detected after system update and reboot.

hashmarkername: setroubleshoot
kernel:         5.15.13-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

Triggered after time logout using the following command:
echo "gnome-session-quit --logout --force" | at now + ${MINUTES} minutes

hashmarkername: setroubleshoot
kernel:         5.15.13-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

dnf upgrade && reboot

hashmarkername: setroubleshoot
kernel:         5.15.12-200.rog.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

One of selinux errors after the upgrade F33 -> F34

hashmarkername: setroubleshoot
kernel:         5.15.14-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

I received the problem report just after logging in. There was no obvious cause.

hashmarkername: setroubleshoot
kernel:         5.15.13-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport
*** Bug 2041084 has been marked as a duplicate of this bug. ***
*** Bug 2041175 has been marked as a duplicate of this bug. ***
Similar problem has been detected:

This happens every time I log into the GNOME on X.org session.

hashmarkername: setroubleshoot
kernel:         5.15.14-200.fc35.x86_64
package:        selinux-policy-targeted-35.9-1.fc35.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

this problem triggers when I boot and start an xfce session

hashmarkername: setroubleshoot
kernel:         5.15.14-200.fc35.x86_64
package:        selinux-policy-targeted-35.9-1.fc35.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

After system restart and login SELinux notified me of this issue.

hashmarkername: setroubleshoot
kernel:         5.15.14-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport
FEDORA-2022-f060667f1e has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-f060667f1e
*** Bug 2040983 has been marked as a duplicate of this bug. ***
Similar problem has been detected:

happened during boot/startup after update

hashmarkername: setroubleshoot
kernel:         5.15.14-200.fc35.x86_64
package:        selinux-policy-targeted-35.9-1.fc35.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

Updated via DNF to the latest SELINUX updates (18 Jan 2022) and this occurred upon reboot

hashmarkername: setroubleshoot
kernel:         5.15.14-200.fc35.x86_64
package:        selinux-policy-targeted-35.9-1.fc35.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

installing kde de

hashmarkername: setroubleshoot
kernel:         5.15.15-200.fc35.x86_64
package:        selinux-policy-targeted-35.9-1.fc35.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport
FEDORA-2022-f060667f1e has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-f060667f1e` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-f060667f1e See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Similar problem has been detected:

It just happened when I turned on my computer.

hashmarkername: setroubleshoot
kernel:         5.15.14-200.fc35.x86_64
package:        selinux-policy-targeted-35.9-1.fc35.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

it just happened... again & again.

hashmarkername: setroubleshoot
kernel:         5.15.12-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

I received this selinux alert when logging into the system after updating to the latest fedora 34 packages.

hashmarkername: setroubleshoot
kernel:         5.15.14-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport
(In reply to Cody Swanson from comment #27)
> Similar problem has been detected:
>
> I received this selinux alert when logging into the system after updating to
> the latest fedora 34 packages.
>
> hashmarkername: setroubleshoot
> kernel: 5.15.14-100.fc34.x86_64
> package: selinux-policy-targeted-34.23-1.fc34.noarch
> reason: SELinux is preventing systemd-user-ru from 'unlink' accesses
> on the sock_file bus.
> type: libreport

Please update to selinux-policy-targeted-34.24-1.fc34.noarch
*** Bug 2042566 has been marked as a duplicate of this bug. ***
Similar problem has been detected:

Unlock a running gnome session (from the lock screen). The unlock attempt hung after password entry, and I had to go through the switch user dialog to get another attempt at unlocking the screen.

hashmarkername: setroubleshoot
kernel:         5.15.14-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing gdm-wayland-ses from 'write' accesses on the sock_file bus.
type:           libreport
(In reply to Dennis Wagelaar from comment #30)
> Similar problem has been detected:
>
> Unlock a running gnome session (from the lock screen). The unlock attempt
> hung after password entry, and I had to go through the switch user dialog to
> get another attempt at unlocking the screen.
>
> hashmarkername: setroubleshoot
> kernel: 5.15.14-100.fc34.x86_64
> package: selinux-policy-targeted-34.23-1.fc34.noarch
> reason: SELinux is preventing gdm-wayland-ses from 'write' accesses
> on the sock_file bus.
> type: libreport

The report is not complete, but I believe it will be addressed by selinux-policy-34.24-1.fc34.noarch
Similar problem has been detected:

Showed up when first logging in after a system update and reboot

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

rebooted the node to apply updates, was greeted by this selinux alert after the reboot.

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

This problem started after some dnf upgrade. It's triggered after user login.

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

I'm just logging into my XFCE session, and after one of the recent updates, I'm getting SELinux error messages now, saying that systemd-user-ru and tumblerd are not allowed to access unlink on sock_file.

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport
(In reply to Thomas Huth from comment #35)
> I'm just logging into my XFCE session, and after one of the recent updates,
> I'm getting SELinux error messages now, saying that systemd-user-ru and
> tumblerd are not allowed to access unlink on sock_file.

Ok, I can confirm that the issue with systemd-user-ru seems to be gone after upgrading to selinux-policy-34.24-1.fc34.src.rpm. However, the tumblerd issue still remains ... but that might be a dup of BZ 2042373 according to setroubleshoot...
Similar problem has been detected:

System after powerup in GNOME Shell when I update using dnf update and flatpak update just call this problem

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

probably nvidia driver issue

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing gdm-wayland-ses from 'write' accesses on the sock_file bus.
type:           libreport

Similar problem has been detected:

selinux write error on each login.

hashmarkername: setroubleshoot
kernel:         5.15.16-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing systemd-user-ru from 'unlink' accesses on the sock_file bus.
type:           libreport
*** Bug 2041054 has been marked as a duplicate of this bug. ***
FEDORA-2022-35e911cda6 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-35e911cda6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-35e911cda6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-35e911cda6 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
*** Bug 2041268 has been marked as a duplicate of this bug. ***
*** Bug 2041055 has been marked as a duplicate of this bug. ***
*** Bug 2040984 has been marked as a duplicate of this bug. ***
*** Bug 2039682 has been marked as a duplicate of this bug. ***
Why is this closed? I get these annoying messages all day long, every time one or another graphics program is run. And it is persistent in Fedora 35 as well. Will it ever be fixed?
The bug is closed because the reported problems have been addressed. A few additional problems will be a part of the next build.
Similar problem has been detected:

I'm not sure.

hashmarkername: setroubleshoot
kernel:         5.15.14-100.fc34.x86_64
package:        selinux-policy-targeted-34.23-1.fc34.noarch
reason:         SELinux is preventing dconf worker from 'write' accesses on the sock_file bus.
type:           libreport